[pve-devel] [PATCH] pveproxy: enable TSLv1

[Wolfgang Link]

this is necessary for IE communication

Signed-off-by: Wolfgang Link w.l...@proxmox.com
---
 bin/pveproxy |4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/bin/pveproxy b/bin/pveproxy
index a9b6f1c..a254f08 100755
--- a/bin/pveproxy
+++ b/bin/pveproxy
@@ -107,8 +107,10 @@ sub init {
ssl = {
# Note: older versions are considered insecure, for example
# search for Poodle-Attac
+   method = TLSv1,
sslv2 = 0,
-   sslv3 = 0, 
+   sslv3 = 0,
+   verify = 1,
cipher_list = $proxyconf-{CIPHERS} || 'HIGH:MEDIUM:!aNULL:!MD5',
key_file = '/etc/pve/local/pve-ssl.key',
cert_file = '/etc/pve/local/pve-ssl.pem',
-- 
1.7.10.4


___
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Re: [pve-devel] [PATCH] pveproxy: enable TSLv1

[Dietmar Maurer]

 + sslv3 = 0,
 + verify = 1,

Really? Why does a server side verification influence the client?

___
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Re: [pve-devel] [PATCH] pveproxy: enable TSLv1

[Dietmar Maurer]

I guess this will break most connections instead.

 No it don't, is only commanded by the doc to set this flag.
 Am 03.02.15 um 18:23 schrieb Dietmar Maurer:
  +  sslv3 = 0,
  +  verify = 1,
  Really? Why does a server side verification influence the client?
 

___
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Re: [pve-devel] [PATCH] pveproxy: enable TSLv1

[Wolfgang Link]

No it don't, is only commanded by the doc to set this flag.
Am 03.02.15 um 18:23 schrieb Dietmar Maurer:

+   sslv3 = 0,
+   verify = 1,

Really? Why does a server side verification influence the client?



___
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel