About protocols in openssl
Miroslav Lachman
000.fbsd at quip.cz
Thu Feb 27 19:25:44 UTC 2020
Willem Jan Withagen wrote on 2020/02/27 20:00:
> Hi,
>
> My ceph ports uses all kinds of python stuff, and now the trouble is
> that I'm getting
> an error on missing:
> SSLv3_client_method
>
> Which i guess, is because in the current openssl libs SSLv3 is disabled.
> And I sort of get this, SSLv3 is unsafe.
>
> But I need it to be able to run parts of the ceph port.
>
> So how do I get a openssl lib dependancy that has SSLv3 enabled.
You can build OpenSSL 1.1.1 from the ports where you can enable SSLv3 in
the options dialog.
https://www.freshports.org/security/openssl/
The defaults are:
====> Protocol Support
NEXTPROTONEG=on: Next Protocol Negotiation (SPDY)
SCTP=on: SCTP (Stream Control Transmission)
SSL3=off: SSLv3 (unsafe)
TLS1=on: TLSv1.0 (requires TLS1_1, TLS1_2)
TLS1_1=on: TLSv1.1 (requires TLS1_2)
TLS1_2=on: TLSv1.2
Miroslav Lachman
More information about the freebsd-ports
mailing list