[Pkg-openssl-devel] Building alpha3 with -DOPENSSL_TLS_SECURITY_LEVEL=2
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Wed Jun 17 20:40:22 BST 2020
Hi,
I've been looking at alpha3 for a few days. A bunch of tests fail due to
debian/patches/Set-systemwide-default-settings-for-libssl-users.patch
and the testsuite uses this .cnf as default and expects TLS<1.2. Then I
remembered what you were saying in #918727 regarding the default level.
I've been looking at setting
-DOPENSSL_TLS_SECURITY_LEVEL=2
at build time. This would match
CipherString = DEFAULT@SECLEVEL=2
just fine.
However, for TLSv1.2 by default we would need security level 4
(according to ssl_security_default_callback()).
So I don't think this solves all our problems unless the protocol level
changes.
For now I think I'll provide a second .cnf file at build time so the tests
pass.
Sebastian
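
Added example, not part of the original message and not OpenSSL code: a stand-alone C model of the TLS protocol-version check in ssl_security_default_callback(), written after the SSL_SECOP_VERSION branch as found in OpenSSL 1.1.1 (DTLS omitted). It shows why level 2 alone still admits TLS 1.0 and 1.1 and only level 4 forces TLS 1.2; the enum and function names are made up for this sketch.

```c
#include <stdio.h>

/* Wire protocol version numbers (names are local to this example). */
enum { V_SSL3 = 0x0300, V_TLS1_0 = 0x0301, V_TLS1_1 = 0x0302,
       V_TLS1_2 = 0x0303, V_TLS1_3 = 0x0304 };

/* Model of the version check: 1 if 'version' is permitted at 'level'. */
int version_allowed(int level, int version)
{
    if (version <= V_SSL3 && level >= 2)   /* SSLv3 rejected from level 2 */
        return 0;
    if (version <= V_TLS1_0 && level >= 3) /* TLS 1.0 rejected from level 3 */
        return 0;
    if (version <= V_TLS1_1 && level >= 4) /* TLS 1.1 rejected from level 4 */
        return 0;
    return 1;
}

/* Lowest protocol version the given security level still permits. */
int min_version_for_level(int level)
{
    static const int versions[] = { V_SSL3, V_TLS1_0, V_TLS1_1,
                                    V_TLS1_2, V_TLS1_3 };
    for (size_t i = 0; i < sizeof versions / sizeof versions[0]; i++)
        if (version_allowed(level, versions[i]))
            return versions[i];
    return -1;
}

const char *version_name(int v)
{
    switch (v) {
    case V_SSL3:   return "SSLv3";
    case V_TLS1_0: return "TLSv1";
    case V_TLS1_1: return "TLSv1.1";
    case V_TLS1_2: return "TLSv1.2";
    case V_TLS1_3: return "TLSv1.3";
    default:       return "unknown";
    }
}

int main(void)
{
    /* Print the effective protocol floor for each security level. */
    for (int level = 0; level <= 5; level++)
        printf("SECLEVEL=%d -> minimum %s\n", level,
               version_name(min_version_for_level(level)));
    return 0;
}
```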