Re: OpenSSL 1.0.1 protocol selection support

* Wietse Venema wie...@porcupine.org: Based on input from Victor I'll put out a 2.10 development release that makes the minimum changes to support the new OpenSSL protocols. This may then be back-ported to earlier Postfix releases if needed. Meanwhile, Victor will start work on

[Patch]: OpenSSL 1.0.1 protocol selection support (was: TLS library problem after updating openssl)

On Sun, Apr 22, 2012 at 12:47:41PM -0400, Jerry wrote: I am wondering if openssl 1.0.1a corrects this problem. I am going to install it later today and see what happens. Please post the results. On another note, is there a setting that would force Postfix to NOT use tls1_2 or tls1_1? I am

Re: [Patch]: OpenSSL 1.0.1 protocol selection support (was: TLS library problem after updating openssl)

Viktor Dukhovni: The OpenSSL API does not provide an interface to allow older programs to disable new protocol versions defined in later versions of the API. Therefore, to disable TLS 1.1 or 1.2 one has to add code that uses the new constants introduced with OpenSSL 1.0.1. Proposed patch

Re: [Patch]: OpenSSL 1.0.1 protocol selection support (was: TLS library problem after updating openssl)

On Sun, Apr 22, 2012 at 03:12:26PM -0400, Wietse Venema wrote: Proposed patch attached. That will be a solution for Postfix 2.10. Meanwhile, for earlier Postfix releases, how much of the problem can be solved by changing from: mumble_tls_mandatory_protocols = SSLv3, TLSv1 (i.e.

Re: [Patch]: OpenSSL 1.0.1 protocol selection support (was: TLS library problem after updating openssl)

Viktor Dukhovni: On Sun, Apr 22, 2012 at 03:12:26PM -0400, Wietse Venema wrote: Proposed patch attached. That will be a solution for Postfix 2.10. Meanwhile, for earlier Postfix releases, how much of the problem can be solved by changing from:

Re: [Patch]: OpenSSL 1.0.1 protocol selection support (was: TLS library problem after updating openssl)

On Sun, Apr 22, 2012 at 03:28:43PM -0400, Wietse Venema wrote: Why do we need to have (expr TLS_KNOWN_PROTOCOLS) in the code in the first place? If we get rid of it, then we don't have to rush out patches each time the OpenSSL team comes out with a new incompatible protocol. The

Re: [Patch]: OpenSSL 1.0.1 protocol selection support (was: TLS library problem after updating openssl)

Viktor Dukhovni: On Sun, Apr 22, 2012 at 03:28:43PM -0400, Wietse Venema wrote: Why do we need to have (expr TLS_KNOWN_PROTOCOLS) in the code in the first place? If we get rid of it, then we don't have to rush out patches each time the OpenSSL team comes out with a new incompatible

Re: [Patch]: OpenSSL 1.0.1 protocol selection support (was: TLS library problem after updating openssl)

On Sun, Apr 22, 2012 at 04:13:03PM -0400, Wietse Venema wrote: On Sun, Apr 22, 2012 at 03:28:43PM -0400, Wietse Venema wrote: Why do we need to have (expr TLS_KNOWN_PROTOCOLS) in the code in the first place? If we get rid of it, then we don't have to rush out patches each time the

OpenSSL 1.0.1 protocol selection support

Based on input from Victor I'll put out a 2.10 development release that makes the minimum changes to support the new OpenSSL protocols. This may then be back-ported to earlier Postfix releases if needed. Meanwhile, Victor will start work on future-proofing Postfix, such that it will be prepared

Re: OpenSSL 1.0.1 protocol selection support

Wietse Venema: Based on input from Victor I'll put out a 2.10 development release that makes the minimum changes to support the new OpenSSL protocols. This may then be back-ported to earlier Postfix releases if needed. Meanwhile, Victor will start work on future-proofing Postfix, such that