Date:      Tue, 2 Jul 2024 17:18:47 -0400
From:      Ryan Steinmetz <zi@freebsd.org>
To:        Matthias Andree <mandree@freebsd.org>
Cc:        ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org
Subject:   Re: git: 3653c88dfeb3 - main - irc/ircd-ratbox: Unbreak with modern OpenSSL
Message-ID:  <ZoRut8YOYZbMKwUG@exodus.zi0r.com>
In-Reply-To: <1aee547b-fb9c-4a35-957b-1c6eb34d106c@FreeBSD.org>
References:  <202407012147.461LlLWb038146@gitrepo.freebsd.org> <1aee547b-fb9c-4a35-957b-1c6eb34d106c@FreeBSD.org>


On (07/02/24 00:34), Matthias Andree wrote:
>Thanks.
>
>Should that also get options to add SSL_OP_NO_SSLv3, and possibly does 
>it - or should one add - options to set the minimum negotiable TLS 
>version to 1.2?

Maybe?  At the moment, it should default to the system-wide constraints within 
openssl.cnf (MinProtocol, etc).

I've kicked the patch to the ratbox dev and did ask about the idea of 
options to specify things within the app.  I'm not sure they were 
interested in pursuing it at that level of detail.

At the very least, it is an improvement in that it will at least let 
TLSv1.2 and 1.3 function now.

-r

>
>>+
>>+-	ssl_client_ctx = SSL_CTX_new(TLSv1_client_method());
>>++	ssl_client_ctx = SSL_CTX_new(TLS_client_method());
>>+
>>+ 	if(ssl_client_ctx == NULL)
>>+ 	{
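Review bot: no protocol floor is set after the switch to TLS_client_method() on the ssl_client_ctx line, so the lowest version this client will negotiate is left entirely to library and openssl.cnf defaults. TLS_client_method() is version-flexible, unlike the TLSv1_client_method() call it replaces. Consider calling SSL_CTX_set_min_proto_version(ssl_client_ctx, TLS1_2_VERSION) once the NULL check has passed, and checking its return value so a failure is logged rather than silently ignored.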
>
>-- 
>Matthias Andree
>FreeBSD ports committer
>

-- 
Ryan Steinmetz
PGP: 9079 51A3 34EF 0CD4 F228  EDC6 1EF8 BA6B D028 46D7
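
The system-wide floor mentioned in the reply above (MinProtocol in openssl.cnf), as an added example that is not part of the original thread. The section names default_conf, ssl_sect and system_default_sect are labels chosen here, and the setting only affects applications that load the default OpenSSL configuration and do not override the minimum version themselves.

```ini
# Constructed openssl.cnf fragment (not taken from the thread or the port).
# The openssl_conf line must sit in the unnamed default section at the top
# of the file, before any [section] header.
openssl_conf = default_conf

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
# Applied to every SSL_CTX created by applications using this config
system_default = system_default_sect

[system_default_sect]
# Weak setting, shown for contrast: would still permit TLS 1.0 and 1.1
# MinProtocol = TLSv1
# Corrected setting: refuse anything below TLS 1.2
MinProtocol = TLSv1.2
```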


