From owner-freebsd-ports@freebsd.org Wed Apr 15 05:55:34 2020 Return-Path: Delivered-To: freebsd-ports@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id EB78C2AC052 for ; Wed, 15 Apr 2020 05:55:34 +0000 (UTC) (envelope-from peo@nethead.se) Received: from ns1.nethead.se (ns1.nethead.se [5.150.237.139]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "ns1.nethead.se", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 492BRB15f8z4K6K for ; Wed, 15 Apr 2020 05:55:33 +0000 (UTC) (envelope-from peo@nethead.se) X-Virus-Scanned: amavisd-new at Nethead AB DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nethead.se; s=NETHEADSE; t=1586930127; bh=8CdmdOYnqkFKg55KmGqdq16ZU3uGG7eIc+jdSpBWYWc=; h=Subject:To:References:From:Date:In-Reply-To; b=UeJPJrdPUmknsVT/d+JdM4EgVJAsvzqB189bOCV/kL5Lpx9mkeLWtiCxQWVgmW9NZ U2bENSWmDH9VOzSoePWkT3QEp51YPZp7z/fgVa8WnzH21JkRZsnUvr+MrgjoX7uwq7 8fmWh+rpfG/4VFSG0A5Au5faBUUdCO77s4gHOAzU= Subject: Re: openssl problem after 11 -> 12 To: freebsd-ports@freebsd.org References: <1b820dcf-34ad-b7af-d25c-ea337f9376b2@nethead.se> <20200414150819.zpo7znhwipg65fsm@aching.in.mat.cc> <1232ac82-24c4-66e7-cdf6-db72fb769ed9@nethead.se> <1e35fefe-b8a8-0dc5-5b4a-adf205ff4263@nethead.se> From: Per olof Ljungmark Message-ID: <397b4653-3570-90ee-1960-c4d24f921df1@nethead.se> Date: Wed, 15 Apr 2020 07:55:24 +0200 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 492BRB15f8z4K6K X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=nethead.se header.s=NETHEADSE header.b=UeJPJrdP; dmarc=pass (policy=none) header.from=nethead.se; spf=pass (mx1.freebsd.org: domain of peo@nethead.se designates 5.150.237.139 as permitted sender) smtp.mailfrom=peo@nethead.se X-Spamd-Result: default: False [-5.89 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[nethead.se:s=NETHEADSE]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:5.150.237.139]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCPT_COUNT_ONE(0.00)[1]; DKIM_TRACE(0.00)[nethead.se:+]; DMARC_POLICY_ALLOW(-0.50)[nethead.se,none]; RCVD_COUNT_ZERO(0.00)[0]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; IP_SCORE(-2.89)[ip: (-9.80), ipnet: 5.150.192.0/18(-4.90), asn: 8473(0.27), country: SE(-0.03)]; ASN(0.00)[asn:8473, ipnet:5.150.192.0/18, country:SE]; MID_RHS_MATCH_FROM(0.00)[] X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Apr 2020 05:55:35 -0000 On 2020-04-15 00:39, Matthias Andree wrote: > >> Finally managed to figure it out, you need to tell the perl script >> exactly what cipher to use, so I added to 'check_ilo2_health.pl': >> --sslopts 'SSL_verify_mode => SSL_VERIFY_NONE, SSL_version => >> "TLSv1_1", SSL_cipher_list => "EDH-RSA-DES-CBC3-SHA"' >> >> Works with openssl from ports. > > But "SSL_VERIFY_NONE" should be unrelated to the versioning/cipher issues. > If you need SSL_VERIFY_NONE, then the certificate and/or chains and/or > trusts are not configured properly. > Yes, it is unrelated, the server certs are self-signed.