Date: Thu, 27 Feb 2020 20:42:18 +0100 From: Willem Jan Withagen <wjw@digiware.nl> To: Miroslav Lachman <000.fbsd@quip.cz>, "ports@freebsd.org" <ports@freebsd.org> Subject: Re: About protocols in openssl Message-ID: <75330ed3-5f85-ea63-b8df-c73b5426b5a8@digiware.nl> In-Reply-To: <d7673dcd-467a-25ce-bca7-21cd74bf1777@quip.cz> References: <f7d98734-20dd-5ee7-b8b9-6ebc69603cb7@digiware.nl> <d7673dcd-467a-25ce-bca7-21cd74bf1777@quip.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
On 27-2-2020 20:25, Miroslav Lachman wrote: > Willem Jan Withagen wrote on 2020/02/27 20:00: >> Hi, >> >> My ceph ports uses all kinds of python stuff, and now the trouble is >> that I'm getting >> an error on missing: >> SSLv3_client_method >> >> Which i guess, is because in the current openssl libs SSLv3 is disabled. >> And I sort of get this, SSLv3 is unsafe. >> >> But I need it to be able to run parts of the ceph port. >> >> So how do I get a openssl lib dependancy that has SSLv3 enabled. > > You can build OpenSSL 1.1.1 from the ports where you can enable SSLv3 > in the options dialog. > > https://www.freshports.org/security/openssl/ > > The defaults are: > ====> Protocol Support > NEXTPROTONEG=on: Next Protocol Negotiation (SPDY) > SCTP=on: SCTP (Stream Control Transmission) > SSL3=off: SSLv3 (unsafe) > TLS1=on: TLSv1.0 (requires TLS1_1, TLS1_2) > TLS1_1=on: TLSv1.1 (requires TLS1_2) > TLS1_2=on: TLSv1.2 Yup, this is what I did, and that works. But how do I do that for a port? And the make sure that the installer of the ceph-package gets an openssl that had SSLv3 --WjW
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?75330ed3-5f85-ea63-b8df-c73b5426b5a8>