[ https://bro-tracker.atlassian.net/browse/BIT-1499?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Johanna Amann updated BIT-1499:
-------------------------------
    Fix Version/s: 2.5

> Updates for newer version of OpenSSL/LibreSSL
> ---------------------------------------------
>
>                 Key: BIT-1499
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1499
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro, Broccoli
>    Affects Versions: git/master
>            Reporter: Seth Hall
>             Fix For: 2.5
>
>         Attachments: patch-aux_broccoli_src_bro__openssl.c, patch-src_ChunkedIO.cc
>
>
> A comment from Christoph Pietsch:
> {quote}Currently bro fails to build when openssl libraries have been built
> without SSLv3 (configure --no-ssl2 --nossl3). This has
> surfaced when building with the latest LibreSSL 2.3.
> Attached patches address all these issues. These can be improved upon
> by using only SSLv23_ methods or even TLS_ methods and setting
> SSL_CTX_set_options(ctx, SSL_OP_NO_SSL2 | SSL_OP_NO_SSL3) but I've
> tried to make the patches minimally intrusive. OpenSSL 1.1.0 will
> deprecate SSLv23_ methods and introduces compatible TLS_ methods.{quote}
>
> The patches are attached. Fortunately all of this code is slated to be
> removed but it does introduce the question how we manage this moving forward.
> I'd like to avoid having to add compiler directives to use alternate
> implementations and detect which version of OpenSSL someone has installed.
>
> Alternately, what does everyone think about deprecating the existing
> communication mechanism by making it a configure-time option? We can just
> not compile those by default which means that almost everyone would just see
> everything work correctly and our effort would be minimal. People that need
> the existing built in communication still can deal with the complications of
> compiling Bro with the option and having the correct version of OpenSSL.