Displaying 3 results from an estimated 3 matches for "ssl_protols".
Did you mean:
ssl_protocols
2017 Aug 27
3
[PATCH] Add support for lower TLS version than default
...STR, ssl_protocols),
>> DEF(SET_STR, ssl_cert_username_field),
>> DEF(SET_STR, ssl_crypto_device),
>> + DEF(SET_STR, ssl_lowest_version),
>
>Does it really require a new setting? Couldn't it use the existing
>ssl_protocols setting?
You need to set a minimal version. SSL_PROTOLS can be set tls1.0 and tls1.2 which avoids tls1.1. Not saying that it is a good thing to do. Also you set it to not do sslv2 and sslv3 which then enables tls1.0+.
If you want change its definition to use as a minimal version, be my guest. Or if you plan to scan the string and match for the lowest ve...
2017 Aug 27
0
[PATCH] Add support for lower TLS version than default
...gt;>> DEF(SET_STR, ssl_cert_username_field),
>>> DEF(SET_STR, ssl_crypto_device),
>>> + DEF(SET_STR, ssl_lowest_version),
>> Does it really require a new setting? Couldn't it use the existing
>> ssl_protocols setting?
> You need to set a minimal version. SSL_PROTOLS can be set tls1.0 and tls1.2 which avoids tls1.1. Not saying that it is a good thing to do. Also you set it to not do sslv2 and sslv3 which then enables tls1.0+.
> If you want change its definition to use as a minimal version, be my guest. Or if you plan to scan the string and match for the lowe...
2017 Aug 26
3
[PATCH] Add support for lower TLS version than default
The openssl library in Debian unstable (targeting Buster) supports
TLS1.2 by default. The library itself supports also TLS1.1 and TLS1.0.
If the admin decides to also support TLS1.[01] users he can then enable
the lower protocol version in case the users can't update their system.
Signed-off-by: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
---
src/config/all-settings.c