[Gluster-users] SSL ciphers

Jeff Darcy jdarcy at redhat.com
Sun Mar 22 22:39:17 UTC 2015


> I dug a bit on the matter and I'm quite puzzled here. In OpenSSL, there's a
> SSLv23_METHOD which selects which is more appropriate but I see nothing
> equivalent for TLS! Each version has its dedicated function call like
> TLSv1_METHOD, TLSv1_1_METHOD and TLSv1_2_METHOD!

I was kind of surprised by the same thing, but I guess I shouldn't have been.
This only scratches the surface of the horror that is the OpenSSL API, but
what's really scary is that the two main alternatives (GnuTLS and NSS) seem
even worse.  I used to have hopes of switching to PolarSSL, which has a
better and better-documented API, but I keep getting buried by other tasks so
I don't know if/when that will ever happen.

> Thank you very much for pointing out the interesting bits and helping figure
> out things. Have fun debugging :-)

You're quite welcome.  Misery loves company.  ;)  Please keep us informed of
your findings.

