On Thu, Mar 19, 2015 at 8:46 PM, Jeff Darcy <[email protected]> wrote:
> > > socket.c:2915
> > > priv->ssl_meth = (SSL_METHOD *)TLSv1_method();
> >
> > I'm really glad to hear that :-)
>
> FWIW, using TLSv1_2_method instead doesn't immediately seem to break.
> Unfortunately, every possible piece of code for 3.7 got merged one
> second before the feature-freeze deadline today, and that generated a
> lot of wreckage. I'll have to wait for that to clear before I can do
> a meaningful test of this one-line change.

Oh dear!

I'm not familiar with SSL API calls but given what you wrote above, I just realized that GlusterFS indeed supports TLS but "v1" only as you mention a "TLSv1_2_method()".

I dug a bit into the matter and I'm quite puzzled here. In OpenSSL, there's an SSLv23_METHOD which selects which is more appropriate but I see nothing equivalent for TLS! Each version has its dedicated function call like TLSv1_METHOD, TLSv1_1_METHOD and TLSv1_2_METHOD! I really wonder why they didn't include a generic method which would negotiate the best protocol version between client and server :-(

Anyways, I'll recompile the Ubuntu packages from the PPA applying a small patch to change "TLSv1_method()" to "TLSv1_2_method()" to see if it works in my case.

Thank you very much for pointing out the interesting bits and helping figure things out.

Have fun debugging :-)

-- 
Unix _IS_ user friendly, it's just selective about who its friends are.
