[CentOS] TLSv1.2 support for lftp on CentOS 6.x
Olivier BONHOMME
obonhomme at nerim.net
Tue Aug 2 15:29:07 UTC 2016
On Tue, Aug 02, 2016 at 02:56:26PM +0000, Olivier BONHOMME wrote:
> Hello Tom,
>
> It's indeed an interesting way. I didn't think about something just disabled. I
> browsed the gnutls rpm changelog and I saw this:
>
> * Thu May 3 2012 Tomas Mraz <tmraz at redhat.com> 2.8.5-7
> - more TLS-1.2 compatibility fixes (TLS-1.2 stays disabled by default)
>
> So TLS 1.2 seems to be there but disabled by default. So maybe lftp can't use it
> because it can't force it.
>
> I tried browsing the code and RPM patches but I was unable to find where this
> disable thing is.
>
> Does anybody have an idea?

Hello guys,

I think I found something. If we look into the upstream source provided in the
GNUTLS SRPM, we have in the file lib/gnutls_priority.c:

    static const int protocol_priority[] = {
      /* GNUTLS_TLS1_2, -- not finalized yet! */
      GNUTLS_TLS1_1,
      GNUTLS_TLS1_0,
      GNUTLS_SSL3,
      0
    };

So I guess that even if TLS1.2 is implemented in the CentOS version, the
default priority doesn't allow using TLS1.2.

And I think that lftp doesn't allow forcing this priority, that's why I can't
use TLS1.2 and only at least TLS1.1.

So the question is: can that behaviour be considered an lftp bug or not?

Regards,
Olivier
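
Added example, not part of the original message and not GnuTLS code: a small C model of pre-TLS-1.3 version negotiation showing why a client whose priority list has the shape quoted above cannot complete a handshake with a server that requires TLS 1.2. The enum names, the second priority list and the negotiate() helper are assumptions made for the illustration.

```c
#include <stdio.h>

/* Model only: these names are invented for the example, not GnuTLS identifiers. */
enum ver { V_NONE = 0, V_SSL3, V_TLS1_0, V_TLS1_1, V_TLS1_2 };

/* Same shape as the array quoted above: 0-terminated, TLS 1.2 left out. */
static const int default_priority[] = { V_TLS1_1, V_TLS1_0, V_SSL3, 0 };
/* Hypothetical list an application would have to be able to request instead. */
static const int tls12_priority[] = { V_TLS1_2, V_TLS1_1, V_TLS1_0, 0 };

/* Highest version enabled in a 0-terminated priority list. */
static int client_max(const int *prio)
{
    int max = V_NONE;
    for (; *prio; prio++)
        if (*prio > max)
            max = *prio;
    return max;
}

/* 1 if version v appears in the priority list. */
static int enabled(const int *prio, int v)
{
    for (; *prio; prio++)
        if (*prio == v)
            return 1;
    return 0;
}

/* The client advertises its highest enabled version; the server answers with
 * the highest version it supports that is not above the offer; the client
 * accepts only a version from its own list. Returns V_NONE on failure. */
static int negotiate(const int *prio, int srv_min, int srv_max)
{
    int offer = client_max(prio);
    int pick = offer < srv_max ? offer : srv_max;
    if (pick < srv_min || !enabled(prio, pick))
        return V_NONE;
    return pick;
}

int main(void)
{
    printf("default list, TLS1.2-only server: %d\n",
           negotiate(default_priority, V_TLS1_2, V_TLS1_2));
    printf("default list, SSL3..TLS1.2 server: %d\n",
           negotiate(default_priority, V_SSL3, V_TLS1_2));
    printf("list with TLS1.2, TLS1.2-only server: %d\n",
           negotiate(tls12_priority, V_TLS1_2, V_TLS1_2));
    return 0;
}
```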