
linuxdcpp-team team mailing list archive

[Bug 1308290] Re: Require TLS 1.2 connections for ADCS

 

For reference, to test connecting to different TLS versions:
TLS 1.0: openssl s_client -connect host:port -tls1 -no_tls1_1 -no_tls1_2
TLS 1.1: openssl s_client -connect host:port -tls1_1
TLS 1.2: openssl s_client -connect host:port -tls1_2

As far as I can tell,
http://sourceforge.net/p/dcplusplus/code/ci/3f410c13dfcf3b15105cabbc39f7e0eacb0bb038/
does follow OpenSSL's documented API.

https://www.openssl.org/docs/ssl/SSL_CTX_new.html states "The list of
protocols available can later be limited using the SSL_OP_NO_SSLv2,
SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the SSL_CTX_set_options() or
SSL_set_options() functions."

https://www.openssl.org/docs/ssl/SSL_CTX_set_options.html states that
SSL_OP_NO_TLSv1 means "Do not use the TLSv1 protocol."

http://openssl.6102.n7.nabble.com/Selecting-TLSv1-2-only-protocol-td48296.html states that:
options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_SSLv2;
options |= SSL_OP_NO_SSLv3;

Selects TLS v1.2 or newer.

-- 
You received this bug notification because you are a member of
Dcplusplus-team, which is subscribed to DC++.
https://bugs.launchpad.net/bugs/1308290

Title:
  Require TLS 1.2 connections for ADCS

Status in DC++:
  In Progress

Bug description:
  The same patch attached can be found at
  http://pastie.org/pastes/8760328 from two months ago. It's the
  resolution to
  https://dcpp.wordpress.com/2013/09/20/beast-crime-breach-and-lucky-13-assessing-tls-in-adcs/

  This is meant as a trial patch: easy to add, and if it causes
  irresolvable problems, easy to remove without affecting much else.

To manage notifications about this bug go to:
https://bugs.launchpad.net/dcplusplus/+bug/1308290/+subscriptions
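
One way to script the three s_client checks from the message against a hub and confirm that only TLS 1.2 is accepted. This is an added example, not part of the original message or of DC++. The function names classify and probe_all are hypothetical, and it assumes s_client prints "Protocol  :" and "Cipher    :" lines in its SSL-Session block, with cipher 0000 or no such line when the handshake is refused.

```shell
#!/bin/sh
# Added example: verify that a hub refuses TLS 1.0/1.1 and accepts TLS 1.2.

# Reads `openssl s_client` output on stdin.
# Prints "accepted <protocol>" or "rejected".
classify() {
    out=$(cat)
    proto=$(printf '%s\n' "$out" | sed -n 's/^ *Protocol *: *//p' | head -n 1)
    cipher=$(printf '%s\n' "$out" | sed -n 's/^ *Cipher *: *//p' | head -n 1)
    case "$cipher" in
        ''|0000|'(NONE)') echo "rejected" ;;       # no cipher was negotiated
        *)                echo "accepted $proto" ;;
    esac
}

# Runs the three commands from the message against host:port.
# Returns 0 only if TLS 1.0 and 1.1 are refused and TLS 1.2 is accepted.
probe_all() {
    target=$1 fail=0
    for flags in "-tls1 -no_tls1_1 -no_tls1_2" "-tls1_1" "-tls1_2"; do
        # $flags is left unquoted on purpose so it splits into separate options
        result=$(openssl s_client -connect "$target" $flags </dev/null 2>&1 | classify)
        echo "$flags => $result"
        case "$flags:$result" in
            -tls1_2:accepted*) ;;                  # expected outcome
            -tls1_2:*|*:accepted*) fail=1 ;;       # 1.2 refused, or old version accepted
        esac
    done
    return "$fail"
}

if [ "$#" -eq 1 ]; then
    probe_all "$1"
else
    # Constructed sample of a refused handshake, so the script also runs offline.
    printf 'SSL-Session:\n    Protocol  : TLSv1\n    Cipher    : 0000\n' | classify
fi
```

Any failure to complete a handshake, including a local openssl build that no longer supports TLS 1.0 or 1.1, is reported as rejected, so run it with a client that still has those protocols enabled.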

