About protocols in openssl

Willem Jan Withagen wjw at digiware.nl
Thu Feb 27 19:42:32 UTC 2020


On 27-2-2020 20:25, Miroslav Lachman wrote:
> Willem Jan Withagen wrote on 2020/02/27 20:00:
>> Hi,
>>
>> My ceph port uses all kinds of python stuff, and now the trouble is 
>> that I'm getting
>> an error on missing:
>>      SSLv3_client_method
>>
>> Which I guess is because in the current openssl libs SSLv3 is disabled.
>> And I sort of get this, SSLv3 is unsafe.
>>
>> But I need it to be able to run parts of the ceph port.
>>
>> So how do I get an openssl lib dependency that has SSLv3 enabled?
>
> You can build OpenSSL 1.1.1 from the ports where you can enable SSLv3 
> in the options dialog.
>
> https://www.freshports.org/security/openssl/
>
> The defaults are:
> ====> Protocol Support
> NEXTPROTONEG=on: Next Protocol Negotiation (SPDY)
> SCTP=on: SCTP (Stream Control Transmission)
> SSL3=off: SSLv3 (unsafe)
> TLS1=on: TLSv1.0 (requires TLS1_1, TLS1_2)
> TLS1_1=on: TLSv1.1 (requires TLS1_2)
> TLS1_2=on: TLSv1.2

Yup, this is what I did, and that works.
But how do I do that for a port? And then make sure that the installer of 
the ceph-package gets an openssl that had SSLv3?

--WjW


