#2555: Client unable to connect with recent openSSL library / disable SSLv3
usage
--------------------+--------------------
Reporter: jor123 | Owner:
Type: bug | Status: new
Priority: major | Milestone: Future
Component: Core | Version: 1.3.10
Keywords: |
--------------------+--------------------
Because of CVE-2014-3566 (POODLE) OpenSSL 1.0.1j has option to build
without SSLv3 support (The Debian unstable distribution now has a version
which does this).
This breaks the rpcserver ssl connections.
The WebUI was switched to TLSv1_METHOD in 1.3.10.
But the RPCserver still has SSLv3_METHOD.
Not sure if compatibility of the TLS version between a deluge client and
server is a big issue (or if you would want to limit it to TLSv1 only).
Here's a quick patch I applied, which also supports TLS 1.1 and TLS 1.2
--
Ticket URL: <http://dev.deluge-torrent.org/ticket/2555>
Deluge <http://deluge-torrent.org/>
Deluge Project
--
You received this message because you are subscribed to the Google Groups
"Deluge Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/deluge-dev.
For more options, visit https://groups.google.com/d/optout.
