Hi all,
I've made some changes to TLS code in reSIProcate
- setting OpenSSL's SSL_OP_NO_SSLv3 by default when using SSLv23_method()
- adding configuration options to override the options to
SSL_CTX_set_options (as it is possible there will be some user with old
VoIP hardware out there who
On Mon, 2014-12-08 at 09:16 +0100, Daniel Pocock wrote:
[...]
If it will help the release team, is there anybody from the security
team who could review the changes in my debdiff?
Note that debian-secur...@lists.debian.org is not a contact address for
the security team.
(Also I don't see
On 08/12/14 10:20, Adam D. Barratt wrote:
On Mon, 2014-12-08 at 09:16 +0100, Daniel Pocock wrote:
[...]
If it will help the release team, is there anybody from the security
team who could review the changes in my debdiff?
Note that debian-secur...@lists.debian.org is not a contact address for
On Mon, Dec 08, 2014 at 09:16:45AM +0100, Daniel Pocock wrote:
Hi all,
I've made some changes to TLS code in reSIProcate
- setting OpenSSL's SSL_OP_NO_SSLv3 by default when using SSLv23_method()
This has no effect in jessie. SSLv2 and SSLv3 are disabled if you
use the SSLv23_* methods.
On 08/12/14 11:12, Kurt Roeckx wrote:
On Mon, Dec 08, 2014 at 09:16:45AM +0100, Daniel Pocock wrote:
Hi all,
I've made some changes to TLS code in reSIProcate
- setting OpenSSL's SSL_OP_NO_SSLv3 by default when using SSLv23_method()
This has no effect in jessie. SSLv2 and SSLv3 are
On Mon, Dec 08, 2014 at 11:42:28AM +0100, Daniel Pocock wrote:
On 08/12/14 11:12, Kurt Roeckx wrote:
On Mon, Dec 08, 2014 at 09:16:45AM +0100, Daniel Pocock wrote:
Hi all,
I've made some changes to TLS code in reSIProcate
- setting OpenSSL's SSL_OP_NO_SSLv3 by default when using
On 08/12/14 12:36, Kurt Roeckx wrote:
On Mon, Dec 08, 2014 at 11:42:28AM +0100, Daniel Pocock wrote:
On 08/12/14 11:12, Kurt Roeckx wrote:
On Mon, Dec 08, 2014 at 09:16:45AM +0100, Daniel Pocock wrote:
Hi all,
I've made some changes to TLS code in reSIProcate
- setting OpenSSL's
On Mon, Dec 08, 2014 at 01:20:39PM +0100, Daniel Pocock wrote:
Just one other point: if somebody is trying sending the client hello
using SSL v2 record layer but indicating support for TLS v1.0, should
TLSv1_method or SSLv23_method accept that?
I would expect that both should support that.
On 08/12/14 13:53, Kurt Roeckx wrote:
On Mon, Dec 08, 2014 at 01:20:39PM +0100, Daniel Pocock wrote:
Just one other point: if somebody is trying sending the client hello
using SSL v2 record layer but indicating support for TLS v1.0, should
TLSv1_method or SSLv23_method accept that?
I would
On Mon, Dec 08, 2014 at 02:35:00PM +0100, Daniel Pocock wrote:
I have no idea what technology is in use in the remote/client system.
If my server socket is using TLSv1_method it is rejecting the connection
and logging those errors on my server:
error:1408F10B:SSL
On 08/12/14 18:58, Kurt Roeckx wrote:
On Mon, Dec 08, 2014 at 02:35:00PM +0100, Daniel Pocock wrote:
I have no idea what technology is in use in the remote/client system.
If my server socket is using TLSv1_method it is rejecting the connection
and logging those errors on my server:
On Mon, Dec 08, 2014 at 07:22:33PM +0100, Daniel Pocock wrote:
Will the TLSv1 method be removed in jessie or while jessie is still
supported?
This is something post jessie.
Kurt
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble?
On 08/12/14 19:25, Kurt Roeckx wrote:
On Mon, Dec 08, 2014 at 07:22:33PM +0100, Daniel Pocock wrote:
Will the TLSv1 method be removed in jessie or while jessie is still
supported?
This is something post jessie.
Is it something that is going to happen with Ubuntu releases next year
On Mon, Dec 08, 2014 at 07:42:54PM +0100, Daniel Pocock wrote:
Is it something that is going to happen with Ubuntu releases next year
(e.g. April 2015)?
If so, it means that the repro package in jessie won't talk to a repro
package in Ubuntu.
I think there is some misunderstanding.
On 08/12/14 20:06, Kurt Roeckx wrote:
On Mon, Dec 08, 2014 at 07:42:54PM +0100, Daniel Pocock wrote:
Is it something that is going to happen with Ubuntu releases next year
(e.g. April 2015)?
If so, it means that the repro package in jessie won't talk to a repro
package in Ubuntu.
I
On Mon, Dec 08, 2014 at 08:17:53PM +0100, Daniel Pocock wrote:
If I understand your reply correctly, the version in Ubuntu and Fedora
will still talk TLS 1.0 with the version now waiting in jessie?
Yes.
Do you believe it would be reasonable for me to request a smaller
unblock that just
On 08/12/14 21:16, Kurt Roeckx wrote:
On Mon, Dec 08, 2014 at 08:17:53PM +0100, Daniel Pocock wrote:
If I understand your reply correctly, the version in Ubuntu and Fedora
will still talk TLS 1.0 with the version now waiting in jessie?
Yes.
Do you believe it would be reasonable for me
17 matches
Mail list logo
