<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Thu, Mar 19, 2015 at 8:46 PM, Jeff Darcy <span dir="ltr">&lt;<a href="mailto:jdarcy@redhat.com" target="_blank">jdarcy@redhat.com</a>&gt;</span> wrote:<br><br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="">> > socket.c:2915<br>
> > priv->ssl_meth = (SSL_METHOD *)TLSv1_method();<br>
><br>
> I'm really glad to hear that :-)<br>
<br>
<br>
</span>FWIW, using TLSv1_2_method instead doesn't immediately seem to break.<br>
Unfortunately, every possible piece of code for 3.7 got merged one<br>
second before the feature-freeze deadline today, and that generated a<br>
lot of wreckage. I'll have to wait for that to clear before I can do<br>
a meaningful test of this one-line change.<br>
</blockquote></div><br></div><div class="gmail_extra">Oh dear! I'm not familiar with SSL API calls but given what you wrote above, I just realized that GlusterFS indeed supports TLS but "v1" only as you mention a "TLSv1_2_method()".<br><br></div><div class="gmail_extra">I dug a bit on the matter and I'm quite puzzled here. In OpenSSL, there's a SSLv23_METHOD which selects which is more appropriate but I see nothing equivalent for TLS! Each version has its dedicated function call like TLSv1_METHOD, TLSv1_1_METHOD and TLSv1_2_METHOD!<br><br></div><div class="gmail_extra">I really wonder why they didn't include a generic method which would negotiate the best protocol version between client and server :-(<br></div><div class="gmail_extra"><br></div><div class="gmail_extra">Anyways, I'll recompile the Ubuntu packages from the PPA applying a small patch to change "TLSv1_method()" to "TLSv1_2_method()" to see if it works in my case.<br></div><div class="gmail_extra"><br></div><div class="gmail_extra">Thank you very much for pointing out the interesting bits and helping figure out things. Have fun debugging :-)<br clear="all"></div><div class="gmail_extra"><br>-- <br><div class="gmail_signature">Unix _IS_ user friendly, it's just selective about who its friends are.</div>
</div></div>
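Added example, not part of the original message and not GlusterFS code: OpenSSL's version-flexible method (SSLv23_method(), named TLS_method() since OpenSSL 1.1.0) negotiates TLS versions as well, and a floor can be set on it. The sketch uses Python's ssl module, which wraps OpenSSL, to read back which versions a pinned client and a floored client advertise in their ClientHello; the hostname server.example and all helper names are constructed, and a build with TLS 1.3 support is assumed.

```python
import ssl
import struct

def make_context(minimum, maximum=ssl.TLSVersion.MAXIMUM_SUPPORTED):
    # PROTOCOL_TLS_CLIENT selects OpenSSL's version-flexible method; the
    # bounds correspond to SSL_CTX_set_min/max_proto_version() in C
    # (SSL_OP_NO_* options on OpenSSL releases before 1.1.0).
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = minimum
    ctx.maximum_version = maximum
    return ctx

def client_hello(ctx, hostname="server.example"):  # constructed hostname
    """Return the raw ClientHello record this context would send (no network)."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: ClientHello is written, the client now waits for a server
    return outgoing.read()

def offered_versions(record):
    """Parse a ClientHello and return the protocol versions it advertises."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    pos = 5 + 4                                           # record + handshake headers
    legacy = struct.unpack_from("!H", record, pos)[0]
    pos += 2 + 32                                         # legacy_version + random
    pos += 1 + record[pos]                                # session_id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]   # cipher_suites
    pos += 1 + record[pos]                                # compression_methods
    end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", record, pos)
        pos += 4
        if ext_type == 43:                                # supported_versions
            count = record[pos] // 2
            return sorted(struct.unpack_from("!%dH" % count, record, pos + 1))
        pos += ext_len
    return [legacy]  # no extension: only the highest version (<= TLS 1.2) is stated

if __name__ == "__main__":
    tls12 = ssl.TLSVersion.TLSv1_2
    for label, ctx in (("pinned to TLS 1.2", make_context(tls12, tls12)),
                       ("floor at TLS 1.2", make_context(tls12))):
        print(label, [hex(v) for v in offered_versions(client_hello(ctx))])
```

Version 0x0303 is TLS 1.2 and 0x0304 is TLS 1.3; the floored context keeps offering newer versions as the library gains them, while the pinned one does not.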