Date: Wed, 15 Apr 2020 22:06:52 +0200
From: Matthias Andree <matthias.andree@gmx.de>
To: freebsd-ports@freebsd.org
Subject: Re: openssl problem after 11 -> 12
Message-ID: <c1610bf6-0190-0ea9-f78d-0a31d95811d6@gmx.de>
In-Reply-To: <397b4653-3570-90ee-1960-c4d24f921df1@nethead.se>
References: <1b820dcf-34ad-b7af-d25c-ea337f9376b2@nethead.se>
 <20200414150819.zpo7znhwipg65fsm@aching.in.mat.cc>
 <1232ac82-24c4-66e7-cdf6-db72fb769ed9@nethead.se>
 <1e35fefe-b8a8-0dc5-5b4a-adf205ff4263@nethead.se>
 <f55ce991-eae5-6f2c-81c1-fd12467464da@gmx.de>
 <397b4653-3570-90ee-1960-c4d24f921df1@nethead.se>

On 15.04.20 at 07:55, Per olof Ljungmark wrote:
> On 2020-04-15 00:39, Matthias Andree wrote:
>>
>>> Finally managed to figure it out, you need to tell the perl script
>>> exactly what cipher to use, so I added to 'check_ilo2_health.pl':
>>> --sslopts 'SSL_verify_mode => SSL_VERIFY_NONE, SSL_version =>
>>> "TLSv1_1", SSL_cipher_list => "EDH-RSA-DES-CBC3-SHA"'
>>>
>>> Works with openssl from ports.
>>
>> But "SSL_VERIFY_NONE" should be unrelated to the versioning/cipher
>> issues.
>> If you need SSL_VERIFY_NONE, then the certificate and/or chains and/or
>> trusts are not configured properly.
>>
>
> Yes, it is unrelated, the server certs are self-signed.

Then by all means transfer the CA's certificate safely and deploy it on
the peers' trust storage, so that you can actually verify the server
certificate. SSL_VERIFY_NONE is so... 1990s.
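
As an added example (not part of the original message and not code from check_ilo2_health.pl): the IO::Socket::SSL options quoted in the thread, with verification left on and trust limited to a locally deployed copy of the CA certificate. The host name and the trust-file path are assumptions.

```perl
#!/usr/bin/env perl
# Added example: verify a self-signed server certificate against a
# deployed trust file instead of disabling verification.
use strict;
use warnings;
use IO::Socket::SSL;    # exports SSL_VERIFY_PEER and $SSL_ERROR

# Assumptions (not from the thread): host name and trust-file path.
my $host    = 'ilo.example.internal';
my $ca_file = '/usr/local/etc/ssl/ilo-ca.pem';

# Fail early if the trust file was never deployed; falling back to
# SSL_VERIFY_NONE here would defeat the purpose.
die "trust file $ca_file is missing or unreadable\n" unless -r $ca_file;

my $sock = IO::Socket::SSL->new(
    PeerHost => $host,
    PeerPort => 443,
    Timeout  => 10,

    # Protocol and cipher as pinned in the thread for the legacy peer.
    SSL_version     => 'TLSv1_1',
    SSL_cipher_list => 'EDH-RSA-DES-CBC3-SHA',

    # Verification stays on. Only certificates chaining to the
    # deployed file are accepted; for a self-signed server the file
    # holds that certificate itself.
    SSL_verify_mode     => SSL_VERIFY_PEER,
    SSL_ca_file         => $ca_file,
    SSL_verifycn_name   => $host,
    SSL_verifycn_scheme => 'http',
) or die "TLS verification failed for $host: $SSL_ERROR\n";

printf "verified %s\n  subject: %s\n  issuer:  %s\n  cipher:  %s\n",
    $host,
    $sock->peer_certificate('subject'),
    $sock->peer_certificate('issuer'),
    $sock->get_cipher;

close $sock;
```

The name check only passes if the certificate's name matches the host name used to connect; a mismatch shows up in `$SSL_ERROR` rather than being silently accepted.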