Packages to be dropped after openssl 1.1.1 rebuild
Adam Golebiowski
adamg at pld-linux.org
Wed Nov 14 18:35:58 CET 2018
On Wed, Nov 14, 2018 at 03:49:37PM +0100, Arkadiusz Miśkiewicz wrote:
> On 03/11/2018 11:11, Jan Rękorajski wrote:
> > The below packages will be removed from Th next week (~10th Nov) along
> > with any broken deps their removal will cause.
>
> Side note from bacula commit:
>
> "+ TLSv1_method() should not be used and SSLv23_method() should be
> + preferred because the latter supports TLS1.0…1.2 while the former
> _only_
> + tries TLS1.0."
>
> if that's true then some of our openssl patches should switch back from
> TLSv1_method to SSLv23_method
openssl docs [0] recommends TLS_method() instead of SSLv23_method() or
TLSv1_method()
"TLS_method(), TLS_server_method(), TLS_client_method()
These are the general-purpose version-flexible SSL/TLS methods. The
actual protocol version used will be negotiated to the highest
version mutually supported by the client and the server. The
supported protocols are SSLv3, TLSv1, TLSv1.1 and TLSv1.2.
Applications should use these methods, and avoid the
version-specific methods described below."
[0] https://www.openssl.org/docs/man1.1.0/ssl/TLS_method.html
--
adamg
More information about the pld-devel-en
mailing list