[Date Prev] [Date Index] [Date Next] [Thread Prev] [Thread Index] [Thread Next]
Wed, 26 Jul 2017 21:09:17 GMT
On Tue, Jul 25, 2017 at 05:43:06PM -0400, John Stoffel wrote: > I wonder if the issue is that it looks like you're trying to use > sslv3, but I bet you need to change to using TLSv1 or v2 instead, > since ssl2 and ssl3 are deprecated now. This is fixed by OpenSSL itself by macros; requests for SSL2/3 are just requests for "the latest TLS version" now: https://github.com/openssl/openssl/blob/d445302418b41b76c15e103954b1311d98077480/include/openssl/ssl.h#L1750 I can see this in the tcpdump; the client is happily talking 1.2. > Can you post your patches? Or a link to a git repo I could pull and > glance over? But I warn you all, I'm not a strong C hacker at all... I didn't realise the mailing list would strip the patch, bah! Here's a repo: https://github.com/FauxFaux/conserver The patch: https://github.com/FauxFaux/conserver/commit/08be145f18fe4dda5e7cb4cd8fc65420e45348f3 You can see the problem just by running: autoreconf -vf ./configure --with-openssl make make test .. executing test #1...failed (diffs in test1.diff) .. -- Chris.