On Tue, Aug 02, 2016 at 02:13:31PM +0100, Tom Grace wrote:
> On 02/08/2016 12:11, Olivier BONHOMME wrote:
> > So my question is : Can lftp provided by CentOS (of course last version in the
> > 6.x branch), do TLSv1.2 connection ?
> It may not be related, but in the past I have needed to rebuild libNSS
> and Curl in CentOS 6 due to an upstream patch the explicitly disabled
> TLSv1.2 in the default list of supported versions.
> As I recall, this was done to maintain support for servers that could
> not work when the negotiation of SSL/TLS was longer than X bytes.
> Unfortunately, I can't find the bug I referenced at the time.
>
> If it's like Curl, you might be able to explicitly enable TLSv1.2 on the
> command line, else I suspect you could recompile the source RPM,
> removing patches if required.
Hello Tom,
It's indeed an interesting way. I didn't think about something just disabled. I
browsed, gnutls rpm changelog and I saw this :
* Thu May 3 2012 Tomas Mraz <tmraz@xxxxxxxxxx> 2.8.5-7
- more TLS-1.2 compatibility fixes (TLS-1.2 stays disabled by default)
So TLS 1.2 seems there but disabled by default : So maybe lftp can't use it
because it can't force it.
I tried browsing the code and RPM patches but I was unable to find where this
disable thing is.
Does anybody have an idea ?
Regards,
Olivier
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
