On Thu, Mar 19, 2015 at 8:46 PM, Jeff Darcy <jdarcy@xxxxxxxxxx> wrote:
> > socket.c:2915
> > priv->ssl_meth = (SSL_METHOD *)TLSv1_method();
>
> I'm really glad to hear that :-)
> FWIW, using TLSv1_2_method instead doesn't immediately seem to break.
> Unfortunately, every possible piece of code for 3.7 got merged one
> second before the feature-freeze deadline today, and that generated a
> lot of wreckage. I'll have to wait for that to clear before I can do
> a meaningful test of this one-line change.

Oh dear! I'm not familiar with SSL API calls, but given what you wrote above, I just realized that GlusterFS indeed supports TLS but "v1" only, as you mention a "TLSv1_2_method()".
I dug a bit on the matter and I'm quite puzzled here. In OpenSSL, there's an SSLv23_METHOD which selects which is more appropriate, but I see nothing equivalent for TLS! Each version has its dedicated function call, like TLSv1_METHOD, TLSv1_1_METHOD and TLSv1_2_METHOD!
I really wonder why they didn't include a generic method which would negotiate the best protocol version between client and server :-(
Anyways, I'll recompile the Ubuntu packages from the PPA applying a small patch to change "TLSv1_method()" to "TLSv1_2_method()" to see if it works in my case.
Thank you very much for pointing out the interesting bits and helping figure out things. Have fun debugging :-)
--
Unix _IS_ user friendly, it's just selective about who its friends are.