[Date Prev] [Date Index] [Date Next] [Thread Prev] [Thread Index] [Thread Next]
John Stoffel john@stoffel.org
Fri, 28 Jul 2017 16:01:01 GMT
>>>>> "solo-conserver" == solo-conserver <solo-conserver@goeswhere.com> writes: solo-conserver> On Tue, Jul 25, 2017 at 05:43:06PM -0400, John Stoffel wrote: >> I wonder if the issue is that it looks like you're trying to use >> sslv3, but I bet you need to change to using TLSv1 or v2 instead, >> since ssl2 and ssl3 are deprecated now. solo-conserver> This is fixed by OpenSSL itself by macros; requests for SSL2/3 are just solo-conserver> requests for "the latest TLS version" now: solo-conserver> https://github.com/openssl/openssl/blob/d445302418b41b76c15e103954b1311d98077480/include/openssl/ssl.h#L1750 solo-conserver> I can see this in the tcpdump; the client is happily talking 1.2. That's good to know. >> Can you post your patches? Or a link to a git repo I could pull and >> glance over? But I warn you all, I'm not a strong C hacker at all... solo-conserver> I didn't realise the mailing list would strip the patch, bah! Here's a repo: solo-conserver> https://github.com/FauxFaux/conserver solo-conserver> The patch: solo-conserver> https://github.com/FauxFaux/conserver/commit/08be145f18fe4dda5e7cb4cd8fc65420e45348f3 I'm looking at this now. Got busy with other stuff past few days... solo-conserver> You can see the problem just by running: solo-conserver> autoreconf -vf solo-conserver> ./configure --with-openssl solo-conserver> make solo-conserver> make test Can you give more details on your evironment, and the exact version of openssl you have installed? Also, looking at your patch, I see that you removed DH_new() call, but never replaced it. So I wonder if that's part of the problem? John