On Mon, May 24, 2021 at 11:09:38AM +0200, Daniel Gustafsson wrote:
> 1.1.0d killed what was left of SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS while keeping
> it defined, so there is also very little value in even attempting it there.
>
> +1 on the patch, LGTM.
Thanks, applied.
I was having a very hard t
> On 24 May 2021, at 03:29, Michael Paquier wrote:
> I got to look at that in detail, and the attached would be able to do
> the job with OpenSSL 1.0.2 and older versions. The main idea is to
> set up SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS once the SSL object is
> created when opening the TLS connec
On Fri, May 21, 2021 at 10:41:34AM +0900, Michael Paquier wrote:
> This one can be set within ssl->s3->flags in the port information.
> Still that's not completely feasible either as some versions of
> OpenSSL hide the internals of a bunch of internal structures, and some
> distributions patch the
On Thu, May 20, 2021 at 02:15:52PM +0200, Daniel Gustafsson wrote:
> On 20 May 2021, at 13:00, Michael Paquier wrote:
>> - SSL_OP_NO_RENEGOTIATION controls that. It is present in OpenSSL >=
>> 1.1.1 and has been backported in 1.1.0h (it is not present in older
>> versions of 1.1.0).
>
> For Open
> On 20 May 2021, at 13:00, Michael Paquier wrote:
> - SSL_OP_NO_RENEGOTIATION controls that. It is present in OpenSSL >=
> 1.1.1 and has been backported in 1.1.0h (it is not present in older
> versions of 1.1.0).
For OpenSSL 1.1.0 versions < 1.1.0h it will be silently accepted without
actually