On 6. Feb 2025, at 13.36, Stuart Henderson via dovecot <dovecot@dovecot.org> wrote:
>
> On 2025-01-29, Timo Sirainen via dovecot <dovecot@dovecot.org> wrote:
>> On 25. Jan 2025, at 22.29, Brad Smith via dovecot <dovecot@dovecot.org> wrote:
>>>
>>> Test building 2.4 I see the last commit to the SSL code before the release went
>>> out broke building with LibreSSL..
>>>
>>> https://github.com/dovecot/core/commit/77d50a6b5e75796896e8e5b437783a99497908d9
>>>
>>> CC iostream-openssl.lo
>>> iostream-openssl.c:756:55: warning: unused parameter 'ssl_io' [-Wunused-parameter]
>>> openssl_iostream_get_compression(struct ssl_iostream *ssl_io)
>>> ^
>>> iostream-openssl.c:893:4: error: use of undeclared identifier 'SSL_OP_NO_RENEGOTIATION'
>>> SSL_OP_NO_RENEGOTIATION)) {
>>
>> Well, the question is then whether LibreSSL does renegotiation always or never
>> with <TLSv1.3? That determines whether we disable channel binding entirely with
>> LibreSSL + <TLSv1.3 or always allow it.
>
> SSL_OP_NO_CLIENT_RENEGOTIATION probably does what you want.

I saw that, but I'm not familiar enough with OpenSSL / LibreSSL to know for sure. So I just played safe and made it not support channel binding with TLS v1.2 and older. Probably no client would try to do that anyway.
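
A sketch of the compile-time guard this thread arrives at, added here as an example and not taken from Dovecot's source: when the TLS library headers do not define `SSL_OP_NO_RENEGOTIATION`, channel binding is refused below TLS 1.3. The function names are hypothetical, and the rule that pre-1.3 channel binding requires renegotiation to be switched off is an assumption drawn from the discussion above.

```c
#include <stdint.h>
#include <stdio.h>

/* Use the real TLS headers when they are installed. Only macros are
 * consulted, so nothing here needs to link against libssl. */
#ifdef __has_include
#  if __has_include(<openssl/ssl.h>)
#    include <openssl/ssl.h>
#  endif
#endif

/* Protocol version wire values, defined only if no header supplied them. */
#ifndef TLS1_2_VERSION
#  define TLS1_2_VERSION 0x0303
#endif
#ifndef TLS1_3_VERSION
#  define TLS1_3_VERSION 0x0304
#endif

/* Hypothetical helper: 1 if this build can switch renegotiation off. */
static int reneg_can_be_disabled(void)
{
#ifdef SSL_OP_NO_RENEGOTIATION
	return 1;
#else
	return 0;	/* e.g. the LibreSSL build failure reported above */
#endif
}

/* Hypothetical policy check: may channel binding be offered on a
 * connection with this protocol version and these SSL option bits? */
static int channel_binding_allowed(int tls_version, uint64_t ssl_options)
{
	if (tls_version >= TLS1_3_VERSION)
		return 1;	/* TLS 1.3 has no renegotiation */
#ifdef SSL_OP_NO_RENEGOTIATION
	return (ssl_options & SSL_OP_NO_RENEGOTIATION) != 0;
#else
	(void)ssl_options;
	return 0;	/* play safe: no channel binding below TLS 1.3 */
#endif
}

int main(void)
{
	printf("renegotiation can be disabled: %d\n", reneg_can_be_disabled());
	printf("TLS 1.3, no options: %d\n", channel_binding_allowed(TLS1_3_VERSION, 0));
	printf("TLS 1.2, no options: %d\n", channel_binding_allowed(TLS1_2_VERSION, 0));
	return 0;
}
```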