On Fri, Jul 27, 2018 at 04:29:40PM +0200, Timothy Redaelli wrote:
> Currently protocol_flags is populated by the list of SSL and TLS
> protocols by hand. This means that when a new TLS version is added to
> openssl (in this case TLS v1.3 is added to openssl 1.1.1 beta)
> ovsdb-server automatically enables support for it with the default ciphers.
> This can be a security problem (since other ciphers can be enabled) and it
> also makes a test (SSL db: implementation) fail.
>
> This commit changes the 'protocol_flags' to use the list of all protocol
> flags as provided by openssl library (SSL_OP_NO_SSL_MASK) so there is no
> need to keep the list updated by hand.
>
> Signed-off-by: Timothy Redaelli <[email protected]>

Thanks, applied to master and backported as far as branch-2.7.

_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
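
The failure mode described in the quoted commit message, as an added example that is not code from the patch or from Open vSwitch: a hand-written "disable everything" list goes stale when the library gains a protocol, while the library-provided mask does not. The `NO_*` bits, both masks, `disable_flags()` and `negotiable()` are hypothetical stand-ins for the roles that OpenSSL's `SSL_OP_NO_*` options and `SSL_OP_NO_SSL_MASK` play; the bit values are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for a TLS library's per-protocol "disable" bits
 * (the role SSL_OP_NO_* plays in OpenSSL). Values are illustrative only. */
enum { NO_SSLV3 = 1, NO_TLSV1 = 2, NO_TLSV1_1 = 4, NO_TLSV1_2 = 8, NO_TLSV1_3 = 16 };

/* Every disable bit the linked library knows (the role of SSL_OP_NO_SSL_MASK),
 * before and after the library gains TLS v1.3. */
#define OLD_LIB_MASK (NO_SSLV3 | NO_TLSV1 | NO_TLSV1_1 | NO_TLSV1_2)
#define NEW_LIB_MASK (OLD_LIB_MASK | NO_TLSV1_3)
/* List typed by hand in the application while OLD_LIB_MASK was current. */
#define HAND_LIST    (NO_SSLV3 | NO_TLSV1 | NO_TLSV1_1 | NO_TLSV1_2)

static const struct { const char *name; unsigned no_flag; } protos[] = {
    { "SSLv3", NO_SSLV3 }, { "TLSv1", NO_TLSV1 }, { "TLSv1.1", NO_TLSV1_1 },
    { "TLSv1.2", NO_TLSV1_2 }, { "TLSv1.3", NO_TLSV1_3 },
};

/* Start from 'deny_all' and clear the disable bit of each protocol named in
 * the comma-separated 'allowed' list. Unknown names are ignored. */
unsigned disable_flags(const char *allowed, unsigned deny_all)
{
    unsigned flags = deny_all;
    size_t i, len;
    while (*allowed) {
        len = strcspn(allowed, ",");
        for (i = 0; i < sizeof protos / sizeof protos[0]; i++) {
            if (strlen(protos[i].name) == len
                && !strncmp(protos[i].name, allowed, len)) {
                flags &= ~protos[i].no_flag;
            }
        }
        allowed += len;
        if (*allowed == ',') {
            allowed++;
        }
    }
    return flags;
}

/* Protocols the library will still negotiate: the ones it implements whose
 * disable bit is not set. Returned as a set of the same NO_* bits. */
unsigned negotiable(unsigned lib_mask, unsigned disable)
{
    return lib_mask & ~disable;
}

int main(void)
{
    const char *cfg = "TLSv1.2";   /* constructed operator setting */
    printf("hand list: %#x\n", negotiable(NEW_LIB_MASK, disable_flags(cfg, HAND_LIST)));
    printf("lib mask:  %#x\n", negotiable(NEW_LIB_MASK, disable_flags(cfg, NEW_LIB_MASK)));
    return 0;
}
```

With the hand list, an operator who allowed only TLSv1.2 also gets TLSv1.3 on the newer library; starting from the library's own mask keeps the result at TLSv1.2 alone.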
