On Wed, May 27, 2015 at 10:51:34AM -0400, Jeff Darcy wrote: > Not any more. Currently, SSLv23_method is deprecated, and TLS_method is > the preferred way to get multi-version negotiation. Which brings us to > exactly the "compatibility with decade-old versions" morass Well, just do as everysone does: SSLv23_method with SSL_OP_NO_SSLv[23] options. It is deprecated but it is still there and it works fine. And if Systems OpenSSL does not have SSL_OP_NO_SSLv[23] then it would be a good idea to not support it :-) > I don't mean to be snarky here, but it seems like you've spent more > time studying OpenSSL usage across multiple versions and projects than > it would have taken to write a patch. Is that an indictment of our > overly burdensome patch-submission process, or something else? What > can we do to improve this? Throwing a patch is fast, but what is time consuming is to test. I will make an attemps once I will have figured why Samba cannot connect to a lDAP/SSL directory with a SHA256 signed certificate (it has nothing to do with glusterfs, but it keeps me busy anyway). -- Emmanuel Dreyfus manu@xxxxxxxxxx _______________________________________________ Gluster-devel mailing list Gluster-devel@xxxxxxxxxxx http://www.gluster.org/mailman/listinfo/gluster-devel
