Mailinglist Archive: opensuse-buildservice (327 mails)

< Previous Next >
Re: [opensuse-buildservice] OBS is using new login auth proxy

That has an unexpected side effect. Selecting TLS 1.0 explictly will
make openssl only accept that and nothing else. Ie would reject TLS
1.1 or any other newer version. Contrary to what the name suggests
SSLv23_client_method does support TLS, any version. It automatically
accepts the best version available. So to force TLS only use
SSLv23_client_method() and disable SSLv2 and SSLv3 :-)
That's exactly what the proposed apache config
SSLProtocol all -SSLv2 -SSLv3
internally does too.


Holy crap !! It doesnt get more tricky than SSL it seems :-D and yes, of
course you are right, it is documented that way. damn =)

So flags SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3 might used or not in the case
if SSLv3 and V2 are disabled in the server openSSL has no choice but
TLS..I get it now..


To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx

< Previous Next >