[Date Prev] [Date Index] [Date Next] [Thread Prev] [Thread Index] [Thread Next]

Re: Porting conserver to OpenSSL 1.1

solo-conserver solo-conserver@goeswhere.com
Wed, 26 Jul 2017 21:09:17 GMT

On Tue, Jul 25, 2017 at 05:43:06PM -0400, John Stoffel wrote:
> I wonder if the issue is that it looks like you're trying to use
> sslv3, but I bet you need to change to using TLSv1 or v2 instead,
> since ssl2 and ssl3 are deprecated now.

This is fixed by OpenSSL itself by macros; requests for SSL2/3 are just
requests for "the latest TLS version" now:


I can see this in the tcpdump; the client is happily talking 1.2.

> Can you post your patches?  Or a link to a git repo I could pull and
> glance over?  But I warn you all, I'm not a strong C hacker at all...

I didn't realise the mailing list would strip the patch, bah! Here's a repo:


The patch:


You can see the problem just by running:
autoreconf -vf
./configure --with-openssl
make test


executing test #1...failed (diffs in test1.diff)