On Thu, Mar 19, 2015 at 8:46 PM, Jeff Darcy <jdarcy at redhat.com> wrote:
> > socket.c:2915
> > > priv->ssl_meth = (SSL_METHOD *)TLSv1_method();
> >
> > I'm really glad to hear that :-)
>
>
> FWIW, using TLSv1_2_method instead doesn't immediately seem to break.
> Unfortunately, every possible piece of code for 3.7 got merged one
> second before the feature-freeze deadline today, and that generated a
> lot of wreckage. I'll have to wait for that to clear before I can do
> a meaningful test of this one-line change.
>
Oh dear! I'm not familiar with SSL API calls, but given what you wrote
above, I just realized that GlusterFS indeed supports TLS, but "v1" only,
as you mention a "TLSv1_2_method()".

I dug a bit into the matter and I'm quite puzzled here. In OpenSSL,
there's an SSLv23_METHOD which selects whichever is more appropriate, but
I see nothing equivalent for TLS! Each version has its dedicated function
call, like TLSv1_METHOD, TLSv1_1_METHOD and TLSv1_2_METHOD!

I really wonder why they didn't include a generic method which would
negotiate the best protocol version between client and server :-(

Anyway, I'll recompile the Ubuntu packages from the PPA, applying a small
patch to change "TLSv1_method()" to "TLSv1_2_method()", to see if it works
in my case.

Thank you very much for pointing out the interesting bits and helping
figure out things. Have fun debugging :-)
--
Unix _IS_ user friendly, it's just selective about who its friends are.
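
Added example, not part of the original message and not GlusterFS code: a small Python audit that flags OpenSSL method constructors pinned to one protocol version, such as the `TLSv1_method()` call quoted from socket.c. It treats `SSLv23_method()` (named `TLS_method()` from OpenSSL 1.1.0) as version-flexible, since despite its name it negotiates the highest version both peers support, TLS included. The sample source is constructed and the function names `audit` and `strip_comments` are hypothetical.

```python
import re

# Fixed-version constructors: the context speaks exactly one protocol version.
PINNED = re.compile(
    r"\b((SSLv2|SSLv3|TLSv1(?:_[12])?)(?:_client|_server)?_method)\s*\(")
# Version-flexible constructors: negotiate the highest version both peers share.
FLEXIBLE = re.compile(r"\b((?:SSLv23|TLS)(?:_client|_server)?_method)\s*\(")


def strip_comments(src):
    """Blank out C comments, keeping newlines so line numbers stay valid."""
    blank = lambda m: re.sub(r"[^\n]", " ", m.group(0))
    return re.sub(r"/\*.*?\*/|//[^\n]*", blank, src, flags=re.S)


def audit(src):
    """Return (line, function, kind, detail) for each method constructor call."""
    findings = []
    for lineno, line in enumerate(strip_comments(src).splitlines(), 1):
        for m in PINNED.finditer(line):
            findings.append((lineno, m.group(1), "pinned", m.group(2)))
        for m in FLEXIBLE.finditer(line):
            findings.append((lineno, m.group(1), "flexible", "negotiated"))
    return findings


# Constructed sample; only the TLSv1_method() line is quoted in the thread.
SAMPLE = """\
/* transport setup: TLSv1_method() was the historical default */
priv->ssl_meth = (SSL_METHOD *)TLSv1_method();
// priv->ssl_meth = (SSL_METHOD *)SSLv3_method();
priv->ssl_meth = (SSL_METHOD *)TLSv1_2_method();
priv->ssl_meth = (SSL_METHOD *)SSLv23_method();
"""

if __name__ == "__main__":
    for lineno, func, kind, detail in audit(SAMPLE):
        print(f"line {lineno}: {func}() -> {kind} ({detail})")
```

A "pinned" hit means peers that cannot speak that exact version will fail the handshake; a "flexible" context still needs a floor, set with `SSL_CTX_set_options()` and the `SSL_OP_NO_*` flags.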