@amadio commented on this pull request. > @@ -47,6 +47,21 @@ #include <openssl/param_build.h> #endif +// Hardcoded DH parameters that are acceptable to both OpenSSL 3.0 (RHEL9) +// and 1.0.2 (RHEL7). OpenSSL 3.0 reworked the DH parameter generation algorithm +// and now produces DH params that don't pass OpenSSL 1.0.2's parameter verification +// function (`DH_check`). Accordingly, since these are safe to reuse, we generated +// a single set of parameters for the server to always utilize. +const char dh_param_enc[] = Shouldn't this be a `static const char`? -- Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/pull/2026#pullrequestreview-1467008240 You are receiving this because you are subscribed to this thread. Message ID: <[log in to unmask]> ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1