[Pkg-openssl-devel] Building alpha3 with -DOPENSSL_TLS_SECURITY_LEVEL=2
Kurt Roeckx
kurt at roeckx.be
Wed Jun 17 20:50:49 BST 2020
On Wed, Jun 17, 2020 at 09:40:22PM +0200, Sebastian Andrzej Siewior wrote:
> Hi,
>
> I've been looking at alpha3 for a few days. A bunch of tests fail due to
> debian/patches/Set-systemwide-default-settings-for-libssl-users.patch

I wasn't expecting that patch to be applied during the test suite.
But I also think that any test suite error caused by it is a bug
in the test suite that should get fixed. I'll see if I can find
some time for this.

> and the testsuite uses this .cnf as default and expects TLS<1.2. Then I
> remember what you were saying in #918727 regarding the default level.
>
> I've been looking at setting
> -DOPENSSL_TLS_SECURITY_LEVEL=2
>
> at build time. This would match
> CipherString = DEFAULT@SECLEVEL=2
>
> just fine.
> However, for TLSv1.2 by default we would need security level 4
> (according to ssl_security_default_callback()).

That says that if you set level 4, the TLS version needs to be 1.2
or higher.

Kurt
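
The relationship discussed in this message, as an added example that is not part of the original mail and is not OpenSSL's code: a small C model of the protocol-version rule documented for security levels in OpenSSL 1.1.1 (SSL_CTX_set_security_level(3)). The enum and helper names are hypothetical and build options such as a compiled-out SSLv3 are ignored; it shows that level 2 still permits TLS 1.0, so a TLS 1.2 floor comes either from a separate MinProtocol setting or from level 4.

```c
#include <stdio.h>

/* Protocol versions by wire value (the same numbers OpenSSL uses). */
enum { V_SSL3 = 0x0300, V_TLS1_0 = 0x0301, V_TLS1_1 = 0x0302,
       V_TLS1_2 = 0x0303, V_TLS1_3 = 0x0304 };

/* Hypothetical helper modelling the documented 1.1.1 rule: returns 1 if
 * the given security level still permits this protocol version. */
static int level_allows_version(int level, int version)
{
    if (version <= V_SSL3 && level >= 2)   return 0; /* no SSLv3 from level 2 */
    if (version <= V_TLS1_0 && level >= 3) return 0; /* TLS >= 1.1 from level 3 */
    if (version <= V_TLS1_1 && level >= 4) return 0; /* TLS >= 1.2 from level 4 */
    return 1;
}

/* Lowest version that can still be negotiated when a MinProtocol floor and
 * a security level are both in force: the stricter of the two wins. */
static int effective_floor(int min_protocol, int level)
{
    for (int v = V_SSL3; v <= V_TLS1_3; v++)
        if (v >= min_protocol && level_allows_version(level, v))
            return v;
    return 0; /* nothing permitted */
}

static const char *version_name(int v)
{
    switch (v) {
    case V_SSL3:   return "SSLv3";
    case V_TLS1_0: return "TLSv1.0";
    case V_TLS1_1: return "TLSv1.1";
    case V_TLS1_2: return "TLSv1.2";
    case V_TLS1_3: return "TLSv1.3";
    default:       return "none";
    }
}

int main(void)
{
    /* Compare the floor with no MinProtocol against MinProtocol = TLSv1.2. */
    for (int level = 0; level <= 5; level++)
        printf("level %d: no MinProtocol -> %-7s  MinProtocol=TLSv1.2 -> %s\n",
               level, version_name(effective_floor(V_SSL3, level)),
               version_name(effective_floor(V_TLS1_2, level)));
    return 0;
}
```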