I don't know. OpenSSL sucks. I've inquired on twitter, perhaps someone will respond: https://twitter.com/Ben_Pfaff/status/487291490545065985
On Wed, Jun 25, 2014 at 09:29:31PM +0000, Singhal, Abhinav wrote:
> Hi Ben,
>
> Thanks for the prompt response. I downloaded the latest snapshot of the
> source today (210ba96.tar.gz) and built it. When this new OVS initiates a SSL
> connection to the controller, it still uses TLS 1.0 to send the hello. Can
> you please verify that the fix in place is working correctly?
>
> Regards,
> Abhinav
>
> -----Original Message-----
> From: Ben Pfaff [mailto:b...@nicira.com]
> Sent: Thursday, June 12, 2014 7:08 PM
> To: Singhal, Abhinav
> Cc: discuss@openvswitch.org
> Subject: Re: [ovs-discuss] Problem initiating TLS 1.2 hello from OVS client
> to NOX controller
>
> On Thu, Jun 12, 2014 at 09:26:42PM +0000, Singhal, Abhinav wrote:
> > I have OVS (1.11.0) and the OpenSSL (1.0.1e-fips) installed on a VM. I
> > checked the OpenSSL release notes and it says that the version I am
> > using supports TLS 1.2. My NOX controller is running in passive TLS
> > mode. Problem is, when my OVS initiates a SSL connection to the
> > controller, it uses TLS 1.0. My questions are: a). Will OpenSSL always
> > initiate the TLS handshake using the highest available SSL version
> > (which ideally means TLS 1.2 in this case)? b). If no, then what
> > other changes have to be made in order for the OVS to send out TLS 1.2
> > hello?
>
> It's a bug. I sent out a fix:
> http://openvswitch.org/pipermail/dev/2014-June/041549.html
>
> > Thanks in advance.
> > Abhinav
> > E-mail confidentiality.
>
> It's a public mailing list, there is no confidentiality.