-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, Sep 05, 2017 at 11:40:46PM +0200, Sven Hartge wrote: > Michael Grant <mgr...@grant.org> wrote: > > > Is there something I can set on Debian side to force this newer > > openssl to accept older 1.x connections? > > No, you can't. > > Kurt Roeckx, the DD maintaining OpenSSL, patched it in such a way that a > program needs to call a special function of OpenSSL to override the > default minimum TLS-version of TLS1.2. > > Problem is: next to no program implements this as of yet.
Isn't there any LD_PRELOAD [1] [2] [3] trick one could play? I mean interposing something between the executable and the lib to slightly modify the lib's default behaviour? Sorry, I haven't the spare cycles ATM to give it a shot (although it would be tempting...) [1] http://www.catonmat.net/blog/simple-ld-preload-tutorial/ [2] https://rafalcieslak.wordpress.com/2013/04/02/dynamic-linker-tricks-using-ld_preload-to-cheat-inject-features-and-investigate-programs/ [3] http://www.linuxjournal.com/article/7795 - -- t -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlmvqlUACgkQBcgs9XrR2kZ+pQCeN8zhZhk77lZTpY1ObE/7x0RC 5V8AniopvriAqZjMwNTS2olo2dnlciS/ =qa6N -----END PGP SIGNATURE-----
