On Tue, Aug 02, 2016 at 02:13:31PM +0100, Tom Grace wrote:
On 02/08/2016 12:11, Olivier BONHOMME wrote:
So my question is: can the lftp provided by CentOS (of course the last version in the 6.x branch) do a TLSv1.2 connection?
It may not be related, but in the past I have needed to rebuild libNSS and Curl in CentOS 6 due to an upstream patch that explicitly disabled TLSv1.2 in the default list of supported versions. As I recall, this was done to maintain support for servers that could not work when the negotiation of SSL/TLS was longer than X bytes. Unfortunately, I can't find the bug I referenced at the time.
If it's like Curl, you might be able to explicitly enable TLSv1.2 on the command line, else I suspect you could recompile the source RPM, removing patches if required.
Hello Tom,
It's indeed an interesting way. I didn't think about something just disabled. I browsed the gnutls rpm changelog and I saw this:
* Thu May 3 2012 Tomas Mraz tmraz@redhat.com 2.8.5-7 - more TLS-1.2 compatibility fixes (TLS-1.2 stays disabled by default)
So TLS 1.2 seems to be there but disabled by default, so maybe lftp can't use it because it can't force it.
I tried browsing the code and RPM patches but I was unable to find where this disable thing is.
Does anybody have an idea?
Regards, Olivier