
Re: [nmh-workers] Making OpenSSL 1.0.2 minimum version

2019-06-27 12:05:17
Ken Hornstein wrote in <20190627150420.4FF107A412@pb-smtp21.pobox.com>:
 |When researching the issue Michael Richardson brought up today, it made
 |me realize we really should be calling SSL_set_tlsext_host_name() so we
 |send the TLS extension "server name indicator".  Which is easy, it's
 |literally one line of code.  But that makes me ask a larger question: we
 |have some autoconf goo to support older libraries (pre OpenSSL 1.0.2)
 |that didn't support the function X509_VERIFY_PARAM_set1_host(), and I
 |lack the energy to research if SSL_set_tlsext_host_name() exists in
 |pre-1.0.2 OpenSSL.  I think at this point we should consider OpenSSL
 |1.0.2 the minimum supported version of OpenSSL for nmh.  This would
 |guarantee we are doing TLS 1.2 everywhere and clean up some #ifdefs.

I use that protected via


which seems to work everywhere I tried.

|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)

