Re: [exim] OpenSSL IOT woes

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Jeremy Harris
Ημερομηνία:  
Προς: exim-users
Αντικείμενο: Re: [exim] OpenSSL IOT woes
On 03/10/2022 18:08, Jeremy Harris via Exim-users wrote:
> Could the min/max protocol stuff mentioned in
> https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html
> be affecting it?
> Exim has no SSL_CONF_* calls currently; probably never has in it's
> history.


Bingo. The value given by SSL_CTX_get_max_proto_version()
is TLS1_2_VERSION.

If I slam a SSL_CTX_set_max_proto_version() call for SSL_v3
in right before twiddling the option bits, all is good.


I conclude:

- the limit value is kept separate from the bitfield
setting the same essential information, in the library

- this is a poor choice

- any application written before those limit value APIs
were introduced and which did it's own bit-setting
(as documented) configuration for TLS versions,
will be broken in the same way. Back-compatibility?
What does that mean?

- the *lack* of documentation that the limit value
overrides the bitfield, having made the choice
to keep them separate is... words fail me.

--
Cheers,
Jeremy