
Re: Porting conserver to OpenSSL 1.1

solo-conserver solo-conserver@goeswhere.com
Wed, 26 Jul 2017 21:09:17 GMT


On Tue, Jul 25, 2017 at 05:43:06PM -0400, John Stoffel wrote:
> I wonder if the issue is that it looks like you're trying to use
> sslv3, but I bet you need to change to using TLSv1 or v2 instead,
> since ssl2 and ssl3 are deprecated now.

This is fixed by OpenSSL itself by macros; requests for SSL2/3 are just
requests for "the latest TLS version" now:

https://github.com/openssl/openssl/blob/d445302418b41b76c15e103954b1311d98077480/include/openssl/ssl.h#L1750

I can see this in the tcpdump; the client is happily talking 1.2.



> Can you post your patches?  Or a link to a git repo I could pull and
> glance over?  But I warn you all, I'm not a strong C hacker at all...

I didn't realise the mailing list would strip the patch, bah! Here's a repo:

https://github.com/FauxFaux/conserver

The patch:

https://github.com/FauxFaux/conserver/commit/08be145f18fe4dda5e7cb4cd8fc65420e45348f3

You can see the problem just by running:
autoreconf -vf
./configure --with-openssl
make
make test

..

executing test #1...failed (diffs in test1.diff)

..

--
Chris.