ECC support is automatically enabled in OpenSSL 1.1+, but must be initialized in 1.0.
From quick testing on CentOS 7, this seems to resolve #1149 for me. Results from HTTPS connections to various versions:
- 4.11.2:
- Protocol : TLSv1.2
- Cipher : AES256-GCM-SHA384
- 4.11.3rc1:
- Client:
SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1543:SSL alert number 40
- Server:
SSL routines:ssl3_get_client_hello:no shared cipher:s3_srvr.c:1435
- 4.11.3rc1 with this PR:
- Protocol : TLSv1.2
- Cipher : ECDHE-RSA-AES256-GCM-SHA384
You can view, comment on, or merge this pull request online at:
https://github.com/xrootd/xrootd/pull/1151
Commit Summary
- [XrdHttp] Enable elliptic-curve support for OpenSSL 1.0.2+
File Changes
Patch Links:
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/xrootd/xrootd/pull/1151?email_source=notifications\u0026email_token=AA7NRDXKHHIHJOWBRXYET73RGE4VNA5CNFSM4LDFMJQ2YY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4ITFZE7Q",
"url": "https://github.com/xrootd/xrootd/pull/1151?email_source=notifications\u0026email_token=AA7NRDXKHHIHJOWBRXYET73RGE4VNA5CNFSM4LDFMJQ2YY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4ITFZE7Q",
"name": "View Pull Request"
},
"description": "View this Pull Request on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1