[CentOS] TLSv1.2 support for lftp on CentOS 6.x

Olivier BONHOMME obonhomme at nerim.net
Tue Aug 2 14:56:26 UTC 2016


On Tue, Aug 02, 2016 at 02:13:31PM +0100, Tom Grace wrote:
> On 02/08/2016 12:11, Olivier BONHOMME wrote:
> > So my question is: can the lftp provided by CentOS (the latest version in the
> > 6.x branch, of course) do TLSv1.2 connections?
> It may not be related, but in the past I have needed to rebuild libNSS 
> and Curl in CentOS 6 due to an upstream patch that explicitly disabled
> TLSv1.2 in the default list of supported versions.
> As I recall, this was done to maintain support for servers that could 
> not work when the negotiation of SSL/TLS was longer than X bytes. 
> Unfortunately, I can't find the bug I referenced at the time.
> 
> If it's like Curl, you might be able to explicitly enable TLSv1.2 on the 
> command line, else I suspect you could recompile the source RPM, 
> removing patches if required.

Hello Tom,

It's indeed an interesting lead. I hadn't thought about something simply being
disabled. I browsed the gnutls RPM changelog and saw this:

* Thu May  3 2012 Tomas Mraz <tmraz at redhat.com> 2.8.5-7
- more TLS-1.2 compatibility fixes (TLS-1.2 stays disabled by default)

So TLS 1.2 seems to be there but disabled by default, so maybe lftp can't use it
because it can't force it.

I tried browsing the code and RPM patches but I was unable to find where this
is disabled.

Does anybody have an idea?

Regards,
Olivier


