On Tue, Aug 02, 2016 at 02:56:26PM +0000, Olivier BONHOMME wrote:
Hello Tom,
It's indeed an interesting way. I didn't think about something just disabled. I browsed the gnutls rpm changelog and I saw this:
- Thu May 3 2012 Tomas Mraz tmraz@redhat.com 2.8.5-7
- more TLS-1.2 compatibility fixes (TLS-1.2 stays disabled by default)
So TLS 1.2 seems to be there but disabled by default. So maybe lftp can't use it because it can't force it.
I tried browsing the code and RPM patches but I was unable to find where this disable thing is.
Does anybody have an idea?
Hello guys,
I think I found something. If we look into the upstream source provided in the GNUTLS SRPM, we have in the file lib/gnutls_priority.c:
static const int protocol_priority[] = {
    /* GNUTLS_TLS1_2, -- not finalized yet! */
    GNUTLS_TLS1_1,
    GNUTLS_TLS1_0,
    GNUTLS_SSL3,
    0
};
So I guess that even if TLS1.2 is implemented in the CentOS version, the default priority doesn't allow the use of TLS1.2.
And I think that lftp doesn't allow forcing this priority; that's why I can't use TLS1.2 and only at least TLS1.1.
So the question is: Can that behaviour be considered an lftp bug or not?
Regards, Olivier