> On July 22, 2015, 7:51 p.m., Michael Park wrote:
> > 3rdparty/libprocess/src/openssl.cpp, line 332
> > <https://reviews.apache.org/r/36656/diff/1/?file=1018170#file1018170line332>
> >
> >     Saw this while grepping for `SSLv2`.
> >     
> >     We still need to use this rather than `TLS_method` currently because of support for older OpenSSL, correct?
> >     
> >     Just wondering since we no longer support `SSLv2`. OpenSSL documentation [1] mentions that `SSLv23_method` has been replaced with `TLS_method` which supports `SSLv3`, `TLSv1`, `TLSv1.1` and `TLSv1.2`. It also mentioned that `TLS_method` was introduced in OpenSSL 1.1.0.
> >     
> >     [1] https://www.openssl.org/docs/ssl/TLSv1_1_server_method.html

Indeed. I think we should maintain support for older versions of OpenSSL for now.
I will add a comment referencing this for future deprecation though. Thanks!


> On July 22, 2015, 7:51 p.m., Michael Park wrote:
> > 3rdparty/libprocess/src/openssl.cpp, lines 483-489
> > <https://reviews.apache.org/r/36656/diff/1/?file=1018170#file1018170line483>
> >
> >     Saw this while grepping for `SSLv2`.
> >     
> >     I feel like `SSL_CTX_clear_options(ctx, SSL_CTX_get_options(ctx));` would be a concise way to do this?
> >     
> >     It would also continue to completely clear the options, even if new protocols were to be introduced into OpenSSL.

I agree that it would be more concise; however, it would also clear the options that are set by default during construction. I don't think it is a safe strategy to blindly clear them.
I'm going to leave the manual clear for now.


- Joris


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/36656/#review92638
-----------------------------------------------------------


On July 21, 2015, 10:51 p.m., Joris Van Remoortere wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/36656/
> -----------------------------------------------------------
> 
> (Updated July 21, 2015, 10:51 p.m.)
> 
> 
> Review request for mesos, Benjamin Hindman and Michael Park.
> 
> 
> Bugs: MESOS-3121
>     https://issues.apache.org/jira/browse/MESOS-3121
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> See summary.
> 
> 
> Diffs
> -----
> 
>   3rdparty/libprocess/src/openssl.hpp 3f8d351589f8bb26c886da12c53b5e02a242376a
>   3rdparty/libprocess/src/openssl.cpp 6aa2a4db8d64011d0fde6ff0cf4b144c41949d39
>   3rdparty/libprocess/src/tests/ssl_tests.cpp 2fe50601615b0bee57bd3e05dc9c932f93ca7477
> 
> Diff: https://reviews.apache.org/r/36656/diff/
> 
> 
> Testing
> -------
> 
> make check.
> 
> 
> Thanks,
> 
> Joris Van Remoortere
> 
>
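
The trade-off discussed in the second reply above (a blanket clear of the context options versus clearing only the protocol bits), as an added example that is not code from the Mesos patch or from either participant. It uses Python's `ssl` module, which exposes the same OpenSSL `SSL_CTX` option bitmask, as a stand-in for the C calls; all function names are hypothetical.

```python
import ssl

# Protocol-disabling bits, the ones a per-protocol "manual clear" targets.
# OP_NO_SSLv2 is 0 on OpenSSL builds without SSLv2, so it adds nothing there.
PROTOCOL_BITS = int(
    ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_NO_TLSv1
    | ssl.OP_NO_TLSv1_1 | ssl.OP_NO_TLSv1_2
)


def new_context():
    """Fresh server context carrying whatever options construction sets."""
    return ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)


def blanket_clear(ctx):
    """Analogue of SSL_CTX_clear_options(ctx, SSL_CTX_get_options(ctx))."""
    ctx.options = 0
    return int(ctx.options)


def manual_clear(ctx):
    """Clear only the protocol-disabling bits; keep every other option."""
    ctx.options = int(ctx.options) & ~PROTOCOL_BITS
    return int(ctx.options)


def lost_defaults(before, after):
    """Non-protocol options present at construction but gone afterwards."""
    return (before & ~PROTOCOL_BITS) & ~after


def compare():
    """Apply each strategy to its own fresh context and report the damage."""
    a, b = new_context(), new_context()
    before = int(a.options)
    return {
        "blanket": lost_defaults(before, blanket_clear(a)),
        "manual": lost_defaults(before, manual_clear(b)),
        "manual_protocol_bits_left": int(b.options) & PROTOCOL_BITS,
    }


if __name__ == "__main__":
    result = compare()
    print("dropped by blanket clear:", repr(ssl.Options(result["blanket"])))
    print("dropped by manual clear: ", repr(ssl.Options(result["manual"])))
```

Which non-protocol options the blanket clear drops depends on the OpenSSL build and on what the wrapper sets at construction, so the script reports them rather than assuming a fixed list.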
