[Gluster-devel] Logjam
Emmanuel Dreyfus
manu at netbsd.org
Wed May 27 15:01:34 UTC 2015
On Wed, May 27, 2015 at 10:51:34AM -0400, Jeff Darcy wrote:
> Not any more. Currently, SSLv23_method is deprecated, and TLS_method is
> the preferred way to get multi-version negotiation. Which brings us to
> exactly the "compatibility with decade-old versions" morass
Well, just do as everyone does: SSLv23_method with SSL_OP_NO_SSLv[23]
options. It is deprecated but it is still there and it works fine.
And if the system's OpenSSL does not have SSL_OP_NO_SSLv[23] then it would be
a good idea to not support it :-)
> I don't mean to be snarky here, but it seems like you've spent more
> time studying OpenSSL usage across multiple versions and projects than
> it would have taken to write a patch. Is that an indictment of our
> overly burdensome patch-submission process, or something else? What
> can we do to improve this?
Throwing a patch is fast, but what is time consuming is to test. I will
make an attempt once I have figured out why Samba cannot connect to an
LDAP/SSL directory with a SHA256 signed certificate (it has nothing to do
with glusterfs, but it keeps me busy anyway).
--
Emmanuel Dreyfus
manu at netbsd.org