[pve-devel] [PATCH] pveproxy: enable TSLv1
this is necessary for IE communication Signed-off-by: Wolfgang Link w.l...@proxmox.com --- bin/pveproxy |4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/bin/pveproxy b/bin/pveproxy index a9b6f1c..a254f08 100755 --- a/bin/pveproxy +++ b/bin/pveproxy @@ -107,8 +107,10 @@ sub init { ssl = { # Note: older versions are considered insecure, for example # search for Poodle-Attac + method = TLSv1, sslv2 = 0, - sslv3 = 0, + sslv3 = 0, + verify = 1, cipher_list = $proxyconf-{CIPHERS} || 'HIGH:MEDIUM:!aNULL:!MD5', key_file = '/etc/pve/local/pve-ssl.key', cert_file = '/etc/pve/local/pve-ssl.pem', -- 1.7.10.4 ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] [PATCH] pveproxy: enable TSLv1
+ sslv3 = 0, + verify = 1, Really? Why does a server side verification influence the client? ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] [PATCH] pveproxy: enable TSLv1
I guess this will break most connections instead. No it don't, is only commanded by the doc to set this flag. Am 03.02.15 um 18:23 schrieb Dietmar Maurer: + sslv3 = 0, + verify = 1, Really? Why does a server side verification influence the client? ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] [PATCH] pveproxy: enable TSLv1
No it don't, is only commanded by the doc to set this flag. Am 03.02.15 um 18:23 schrieb Dietmar Maurer: + sslv3 = 0, + verify = 1, Really? Why does a server side verification influence the client? ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel