Mailinglist Archive: opensuse-buildservice (327 mails)

< Previous Next >
Re: [opensuse-buildservice] OBS is using new login auth proxy
Jan-Simon Möller wrote:
Ok, in conjunction with the just posted patch to osc:
--- a/osc/oscssl.py
+++ b/osc/oscssl.py
@@ -153,7 +153,7 @@ class ValidationErrors:
class mySSLContext(SSL.Context):

def __init__(self):
- SSL.Context.__init__(self, 'sslv23')
+ SSL.Context.__init__(self, 'tlsv1')
self.set_options(m2.SSL_OP_ALL | m2.SSL_OP_NO_SSLv2) # m2crypto does
this for us but better safe than sorry
self.set_session_cache_mode(m2.SSL_SESS_CACHE_CLIENT)
self.verrs = None


and the above "-SSLv2 -SSLv3" , we lock out old clients!
Thats no good. Thus we might have to allow v3 at least for a grace period ?

No, see reply to the patch. 'sslv23' doesn't mean old clients only used SSLv3.
The name is misleading.

cu
Ludwig

--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx

< Previous Next >