Hi Ben, Thanks for the prompt response. I downloaded the latest snapshot of the source today (210ba96.tar.gz) and built it. When this new OVS initiates a SSL connection to the controller, it still uses TLS 1.0 to send the hello. Can you please verify that the fix in place is working correctly?
Regards, Abhinav -----Original Message----- From: Ben Pfaff [mailto:[email protected]] Sent: Thursday, June 12, 2014 7:08 PM To: Singhal, Abhinav Cc: [email protected] Subject: Re: [ovs-discuss] Problem initiating TLS 1.2 hello from OVS client to NOX controller On Thu, Jun 12, 2014 at 09:26:42PM +0000, Singhal, Abhinav wrote: > I have OVS (1.11.0) and the OpenSSL (1.0.1e-fips) installed on a VM. I > checked the OpenSSL release notes and it says that the version I am > using supports TLS 1.2. My NOX controller is running in passive TLS > mode. Problem is, when my OVS initiates a SSL connection to the > controller, it uses TLS 1.0. My questions are: a). Will OpenSSL always > initiate the TLS handshake using the highest available SSL version > (which ideally means TLS 1.2 in this case)? b). If no, then what > other changes have to be made in order for the OVS to send out TLS 1.2 > hello? It's a bug. I sent out a fix: http://openvswitch.org/pipermail/dev/2014-June/041549.html > Thanks in advance. > Abhinav > E-mail confidentiality. It's a public mailing list, there is no confidentiality. _______________________________________________ discuss mailing list [email protected] http://openvswitch.org/mailman/listinfo/discuss
