Re: git: 3653c88dfeb3 - main - irc/ircd-ratbox: Unbreak with modern OpenSSL
- In reply to: Matthias Andree : "Re: git: 3653c88dfeb3 - main - irc/ircd-ratbox: Unbreak with modern OpenSSL"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 02 Jul 2024 21:18:47 UTC
On (07/02/24 00:34), Matthias Andree wrote:
>Thanks.
>
>Should that also get options to add SSL_OP_NO_SSLv3, and possibly does
>it - or should one add - options to set the minimum negotiable TLS
>version to 1.2?
Maybe? At the moment, it should default to the system-wide constraints within
openssl.cnf (MinProtocol, etc).
I've kicked the patch to the ratbox dev and did ask about the idea of
options to specify thing within the app. I'm not sure they were
interested in pursuing it at that level of detail.
At the very least, it is an improvement in that it will at least let
tlsv1.2 and 1.3 function now.
-r
>
>>+
>>+- ssl_client_ctx = SSL_CTX_new(TLSv1_client_method());
>>++ ssl_client_ctx = SSL_CTX_new(TLS_client_method());
>>+
>>+ if(ssl_client_ctx == NULL)
>>+ {
>
>--
>Matthias Andree
>FreeBSD ports committer
>
--
Ryan Steinmetz
PGP: 9079 51A3 34EF 0CD4 F228 EDC6 1EF8 BA6B D028 46D7