Message307956
Sounds about right, but I cannot find a good way to disable renegotiation.
* SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS doesn't look right. For one it's an internal, undocumented flag. But more important it is no longer supported in OpenSSL 1.1.0.
* The info_callback trick does not work. The info callback cannot return an error indicator. In OpenSSL 1.1.0 the function signature is ``void (*cb) (const SSL *ssl, int type, int val)``, which means it cannot modify the SSL object in order to abort the connection forcefully. |
|
Date |
User |
Action |
Args |
2017-12-10 10:37:36 | christian.heimes | set | recipients:
+ christian.heimes, njs, chuq |
2017-12-10 10:37:36 | christian.heimes | set | messageid: <1512902256.46.0.213398074469.issue32257@psf.upfronthosting.co.za> |
2017-12-10 10:37:36 | christian.heimes | link | issue32257 messages |
2017-12-10 10:37:36 | christian.heimes | create | |
|