Jan-Simon Möller wrote:
Ok, in conjunction with the just posted patch to osc: --- a/osc/oscssl.py +++ b/osc/oscssl.py @@ -153,7 +153,7 @@ class ValidationErrors: class mySSLContext(SSL.Context):
def __init__(self): - SSL.Context.__init__(self, 'sslv23') + SSL.Context.__init__(self, 'tlsv1') self.set_options(m2.SSL_OP_ALL | m2.SSL_OP_NO_SSLv2) # m2crypto does this for us but better safe than sorry self.set_session_cache_mode(m2.SSL_SESS_CACHE_CLIENT) self.verrs = None
and the above "-SSLv2 -SSLv3" , we lock out old clients! Thats no good. Thus we might have to allow v3 at least for a grace period ?
No, see reply to the patch. 'sslv23' doesn't mean old clients only used SSLv3. The name is misleading. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org