When creating a TLS socket, both spice-server and spice-gtk currently
call SSL_CTX_new(TLSv1_method()). The TLSv1_method() function set the
protocol version to TLS 1.0 exclusively. The correct way to support
multiple protocol versions is to call SSLv23_method() in spite of its
scary name. This
On Wed, Nov 27, 2013 at 05:23:53PM +0100, David Jaša wrote:
When creating a TLS socket, both spice-server and spice-gtk currently
call SSL_CTX_new(TLSv1_method()). The TLSv1_method() function set the
protocol version to TLS 1.0 exclusively. The correct way to support
multiple protocol versions
Before writing these patches against git, I wrote them as patches to rpm
packages on my system and I performed several tests. When both packages
had the patch included, the TLS version in use was 1.2. When only one of
them had the patch included, the TLS version falled back to 1.0 (same as
status
Daniel P. Berrange píše v St 27. 11. 2013 v 16:27 +:
On Wed, Nov 27, 2013 at 05:23:53PM +0100, David Jaša wrote:
When creating a TLS socket, both spice-server and spice-gtk currently
call SSL_CTX_new(TLSv1_method()). The TLSv1_method() function set the
protocol version to TLS 1.0