On Fri, Jun 01, 2012 at 11:07:44AM +0200, Cyril Brulebois wrote: > Salvatore Bonaccorso <car...@debian.org> (01/06/2012): > > It was reported [1], that libnet-ssleay-perl does not report the > > correct constant value for SSL_OP_NO_TLSv1_1. There was the following > > change in openssl 1.0.1b-1: > > > > openssl (1.0.1b-1) unstable; urgency=high > > . > > * New upstream version > > - Remaps SSL_OP_NO_TLSv1_1, so applications linked to 1.0.0 > > can talk to servers supporting TLS 1.1 but not TLS 1.2 > > - Drop rc4_hmac_md5.patch, applied upstream > > Does it mean we're going to hit the same kind of issues next time > there's a similar change in openssl?
This change was made to make sure applications build against 1.0.0 can talk to a server that does TLS 1.1 but not TLS 1.2, as the changelog says. This is not something I like to change again, since it will cause problems. Everything build against 1.0.1 or 1.0.1a that cares about SSL_OP_NO_TLSv1_1 should be rebuild against 1.0.1b or later. If using the defines from the the 1.0.1 and 1.0.1a version, but using 1.0.1b or laster the SSL_OP_NO_TLSv1_1 will not have any effect. Kurt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
