Dear Stephen, On Mon, Nov 16, 2015 at 5:22 PM, Stephen Henson via RT <[email protected]> wrote:
> On Sun Nov 15 10:04:28 2015, [email protected] wrote: > > Hello! > > > > In the commit 5e3d21fef150f020e2d33439401da8f7e311aa24 you set > > the SSL_SSLV3 for the GOST ciphersuites. But the GOST ciphersuites are > not > > usable with SSLv3, they require TLSv1. > > > > Could you turn the flag back for the GOST ciphersuites? > > > > Does that commit break anything? It should not change the previous > functionality in any way because we also had this in ssl_locl.h: > No, it does not break our tests. > > # define SSL_TLSV1 SSL_SSLV3/* for now */ > > The subsequent commits change SSL_TLSV1 so it really disables ciphersuites > in > SSL v3 (before it didn't) and adds the flag to PSK+SHA2 ciphersuites, We > can > add SSL_TLSV1 to the GOST ciphersuites but that will change the behaviour > from > what it was before. > Usage of the GOST ciphersuites with the SSLv3 protocol is not specified, so the change should not affect the GOST-related behaviour. So I think it will be better for clarity. Thank you! -- SY, Dmitry Belyavsky _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
