* Edson Marquezani Filho:

> We've found out that openssl shipped with CentOS 5 (old, I know) won't
> talk TLS by default.

This depends on the application using OpenSSL.

> So, once we cut off SSLv3, our Nagios scripts begin to fail, because
> they are not able to handshake with the monitored server.

Which programs do your Nagios scripts use to probe your servers?
This is likely the place to look for solutions.

> Since upgrading every CentOS 5 box would be impossible, I was
> wondering if there was some kind of magic (compilation option, patch,
> global runtime configuration, anything) we could do on OpenSSL 0.9.8
> so that it will try TLS 1.0 by default, or at least do it when SSLv23
> doesn't work. I didn't find any configure option for it, though.

Even with OpenSSL 0.9.8, the SSLv23 method attempts to negotiate
TLS 1.0.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org