[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#675434: nmu: libnet-ssleay-perl_1.48-1

On Fri, Jun 01, 2012 at 11:07:44AM +0200, Cyril Brulebois wrote:
> Salvatore Bonaccorso <carnil@debian.org> (01/06/2012):
> > It was reported [1], that libnet-ssleay-perl does not report the
> > correct constant value for SSL_OP_NO_TLSv1_1. There was the following
> > change in openssl 1.0.1b-1:
> > 
> >  openssl (1.0.1b-1) unstable; urgency=high
> >  .
> >    * New upstream version
> >      - Remaps SSL_OP_NO_TLSv1_1, so applications linked to 1.0.0
> >        can talk to servers supporting TLS 1.1 but not TLS 1.2
> >      - Drop rc4_hmac_md5.patch, applied upstream
> 
> Does it mean we're going to hit the same kind of issues next time
> there's a similar change in openssl?

This change was made to make sure applications build against
1.0.0 can talk to a server that does TLS 1.1 but not TLS 1.2,
as the changelog says.  This is not something I like to change
again, since it will cause problems.

Everything build against 1.0.1 or 1.0.1a that cares about
SSL_OP_NO_TLSv1_1 should be rebuild against 1.0.1b or later.
If using the defines from the the 1.0.1 and 1.0.1a version,
but using 1.0.1b or laster the SSL_OP_NO_TLSv1_1 will not have
any effect.


Kurt
Reply to: