Matus UHLAR - fantomas writes:
I have tried with Debian wheezy 7.8, courier 0.68.2, openssl 1.0.1e and I can confirm the same Gerald encountered - ssl3, tls1, tls1_1 and tls1_2 are allowed by default, but whatever I have tried, I was not able to disable ssl3 while keeping tls1_1 and tls1_2 allowed... How does couriertls pass the list of allowed protocols to openssl?
Via appropriate OpenSSL API calls. Different protocol configurations require different OpenSSL API calls to enable. As such, each OpenSSL client needs to specifically know about the supported API versions. That version of Courier is too old to know about the appropriate calls, and flags, to implement this particular protocol configuration.
GnuTLS's API is much more flexible. Supported protocols can be configured via a single setting, that can be specified as an externally supplied label; so it's possible to employ new protocol combinations supported in newer versions of GnuTLS than the one the application is built against.
_______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
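The flag-per-protocol style of configuration described in the reply above, as an added example that is not part of the original thread and is not Courier's code. It uses Python's `ssl` module, which exposes the same OpenSSL `SSL_OP_NO_*` option flags; the protocol names come from the thread, while `KNOWN_FLAGS`, `OLD_BUILD_FLAGS`, `disable_mask` and `build_context` are hypothetical names chosen for illustration.

```python
import ssl
import warnings

# Protocol names as written in the thread, each mapped to the OpenSSL option
# that switches that one protocol off. The application has to know every flag.
KNOWN_FLAGS = {
    "ssl3": ssl.OP_NO_SSLv3,
    "tls1": ssl.OP_NO_TLSv1,
    "tls1_1": ssl.OP_NO_TLSv1_1,
    "tls1_2": ssl.OP_NO_TLSv1_2,
}

# Hypothetical table for an application written before the TLS 1.1/1.2 flags
# existed (an assumption for illustration, not taken from any real program).
OLD_BUILD_FLAGS = {"ssl3": ssl.OP_NO_SSLv3, "tls1": ssl.OP_NO_TLSv1}


def disable_mask(allowed, known=KNOWN_FLAGS):
    """OR together the OP_NO_* flag of every known protocol not in `allowed`."""
    unknown = set(allowed) - set(known)
    if unknown:
        # The application has no flag to express these protocols at all.
        raise ValueError("no OpenSSL flag known for: " + ", ".join(sorted(unknown)))
    mask = 0
    for name, flag in known.items():
        if name not in allowed:
            mask |= int(flag)
    return mask


def build_context(allowed, known=KNOWN_FLAGS):
    """Server-side context that permits only the protocols named in `allowed`."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    every = 0
    for flag in known.values():
        every |= int(flag)
    with warnings.catch_warnings():
        # Newer Python versions warn that OP_NO_* is superseded by
        # minimum_version/maximum_version; the flags still take effect.
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.options = (int(ctx.options) & ~every) | disable_mask(allowed, known)
    return ctx


# By contrast, a GnuTLS application hands the library one opaque priority
# string supplied by the administrator, for example "NORMAL:-VERS-SSL3.0".
```

Calling `build_context({"tls1", "tls1_1", "tls1_2"})` yields a context with SSLv3 switched off and the three TLS versions left enabled, while the same request against `OLD_BUILD_FLAGS` raises `ValueError` because that table has no names for the newer protocols.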