openssl problem after 11 -> 12

Matthias Andree matthias.andree at gmx.de
Wed Apr 15 20:06:56 UTC 2020


On 15.04.20 at 07:55, Per olof Ljungmark wrote:
> On 2020-04-15 00:39, Matthias Andree wrote:
>>
>>> Finally managed to figure it out, you need to tell the perl script
>>> exactly what cipher to use, so I added to 'check_ilo2_health.pl':
>>> --sslopts 'SSL_verify_mode => SSL_VERIFY_NONE, SSL_version =>
>>> "TLSv1_1", SSL_cipher_list => "EDH-RSA-DES-CBC3-SHA"'
>>>
>>> Works with openssl from ports.
>>
>> But "SSL_VERIFY_NONE" should be unrelated to the versioning/cipher
>> issues.
>> If you need SSL_VERIFY_NONE, then the certificate and/or chains and/or
>> trusts are not configured properly.
>>
>
> Yes, it is unrelated, the server certs are self-signed.

Then by all means transfer the CA's certificate safely and deploy it on
the peers' trust storage, so that you can actually verify the server
certificate. SSL_VERIFY_NONE is so... 1990s.
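
The advice above, as an added example that is not part of the original message or of check_ilo2_health.pl: a loopback IO::Socket::SSL server stands in for the device, and the client keeps SSL_VERIFY_PEER, trusting the self-signed certificate through SSL_ca_file. The host name `ilo.example.test`, the file names and the certificate are all constructed for the demo.

```perl
#!/usr/bin/perl
# Added example: verify a self-signed server certificate instead of using
# SSL_VERIFY_NONE. Everything here (names, cert, key) is constructed.
use strict;
use warnings;
use IO::Socket::SSL;
use IO::Socket::SSL::Utils qw(CERT_create PEM_cert2file PEM_key2file);
use File::Temp qw(tempdir);

my $name = 'ilo.example.test';          # assumed name in the device cert
my $dir  = tempdir(CLEANUP => 1);

# Stand-in for the device's self-signed certificate and key.
my ($cert, $key) = CERT_create(
    CA              => 1,
    subject         => { commonName => $name },
    subjectAltNames => [ [ DNS => $name ] ],
);
PEM_cert2file($cert, "$dir/ilo.pem");   # the file you would deploy on clients
PEM_key2file($key,  "$dir/ilo.key");    # stays on the server only

my $server = IO::Socket::SSL->new(
    LocalAddr => '127.0.0.1', LocalPort => 0, Listen => 5,
    SSL_cert_file => "$dir/ilo.pem", SSL_key_file => "$dir/ilo.key",
) or die "listen failed: $SSL_ERROR";
my $port = $server->sockport;

my $pid = fork() // die "fork failed: $!";
if ($pid == 0) {                        # child: serve two handshakes, exit
    for (1 .. 2) { my $c = $server->accept or next; close $c }
    exit 0;
}

# Client side: verification stays on; only the trust anchor changes.
sub try_connect {
    my %trust = @_;
    my $c = IO::Socket::SSL->new(
        PeerAddr => '127.0.0.1', PeerPort => $port,
        SSL_verify_mode     => SSL_VERIFY_PEER,
        SSL_verifycn_scheme => 'http',
        SSL_verifycn_name   => $name,   # name the certificate must match
        %trust,
    );
    return $c ? 'verified' : "rejected ($SSL_ERROR)";
}

print "default trust store:  ", try_connect(), "\n";
print "device cert deployed: ", try_connect(SSL_ca_file => "$dir/ilo.pem"), "\n";
waitpid($pid, 0);
```

The first attempt is rejected because nothing vouches for the certificate; the second succeeds with verification still enabled, which is the state SSL_VERIFY_NONE only hides.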
