Date: Tue, 2 Jul 2024 17:18:47 -0400
From: Ryan Steinmetz
To: Matthias Andree
Cc: ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org
Subject: Re: git: 3653c88dfeb3 - main - irc/ircd-ratbox: Unbreak with modern OpenSSL
List-Id: Commits to the main branch of the FreeBSD ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main

On (07/02/24 00:34), Matthias Andree wrote:

>Thanks.
>
>Should that also get options to add SSL_OP_NO_SSLv3, and possibly does
>it - or should one add - options to set the minimum negotiable TLS
>version to 1.2?

Maybe? At the moment, it should default to the system-wide constraints within openssl.cnf (MinProtocol, etc).

I've kicked the patch to the ratbox dev and did ask about the idea of options to specify things within the app. I'm not sure they were interested in pursuing it at that level of detail.

At the very least, it is an improvement in that it will at least let tlsv1.2 and 1.3 function now.

-r

>
>>+
>>+- ssl_client_ctx = SSL_CTX_new(TLSv1_client_method());
>>++ ssl_client_ctx = SSL_CTX_new(TLS_client_method());
>>+
>>+ if(ssl_client_ctx == NULL)
>>+ {
>
>--
>Matthias Andree
>FreeBSD ports committer
>

--
Ryan Steinmetz
PGP: 9079 51A3 34EF 0CD4 F228 EDC6 1EF8 BA6B D028 46D7
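
Review bot: on the `+ ssl_client_ctx = SSL_CTX_new(TLS_client_method());` line, the version-flexible method leaves the minimum protocol entirely to the library defaults and openssl.cnf, so nothing in this hunk pins a floor. Consider calling SSL_CTX_set_min_proto_version(ssl_client_ctx, TLS1_2_VERSION) right after the existing NULL check and treating a zero return as a setup failure. That would settle the TLS 1.2 minimum question raised in the thread without depending on each host's MinProtocol setting.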
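
The system-wide floor the reply refers to, as an added example that is not part of the original message or of the port: an openssl.cnf fragment that sets MinProtocol through the library's system_default section. The section names are conventional and assumed here, and the setting only reaches an application that lets OpenSSL load its default configuration file.

```ini
# Added example; section names below are assumptions, not taken from the thread.
# Must appear in the default (unnamed) section at the top of openssl.cnf.
openssl_conf = default_conf

[default_conf]
# Points libssl at the section holding SSL/TLS settings.
ssl_conf = ssl_sect

[ssl_sect]
# "system_default" is applied to every SSL_CTX the library creates.
system_default = system_default_sect

[system_default_sect]
# Refuse to negotiate anything older than TLS 1.2.
MinProtocol = TLSv1.2
```

A context created with a fixed-version method such as TLSv1_client_method() cannot negotiate upward from that version, so this floor is only useful together with the switch to TLS_client_method() shown in the quoted patch.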