[Pkg-openssl-devel] Building alpha3 with -DOPENSSL_TLS_SECURITY_LEVEL=2
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Wed Jun 17 20:58:20 BST 2020
On 2020-06-17 21:50:49 [+0200], Kurt Roeckx wrote:
> I wasn't expecting that patch to be applied during the test suite.
> But I also think that any test suite error caused by it, is a bug
> in the test suite that should get fixed. I'll see if I can find
> some time for this.
Ah. I could forward my current patch then.
> > and the testsuite uses this .cnf as default and expects TLS<1.2. Then I
> > remember what you were saying in #918727 regarding the default level.
> >
> > I've been looking at setting
> > -DOPENSSL_TLS_SECURITY_LEVEL=2
> >
> > at build time. This would match
> > CipherString = DEFAULT@SECLEVEL=2
> >
> > just fine.
> > However, for TLSv1.2 by default we would need security level 4
> > (according to ssl_security_default_callback()).
>
> That says that if you set level 4, the TLS version needs to be 1.2
> or higher.
So how do we get DEFAULT@SECLEVEL=2 and MinProtocol = TLSv1.2 by default
and so that it could be overridden?
OCT decision followed by patch or is there something progress?
> Kurt
Sebastian