[CentOS] TLSv1.2 support for lftp on CentOS 6.x

Tue Aug 2 15:29:07 UTC 2016
Olivier BONHOMME <obonhomme at nerim.net>

On Tue, Aug 02, 2016 at 02:56:26PM +0000, Olivier BONHOMME wrote:
> Hello Tom,
> It's indeed an interesting way. I didn't think about something just disabled. I
> browsed the gnutls rpm changelog and I saw this:
> * Thu May  3 2012 Tomas Mraz <tmraz at redhat.com> 2.8.5-7
> - more TLS-1.2 compatibility fixes (TLS-1.2 stays disabled by default)
> So TLS 1.2 seems to be there but disabled by default, so maybe lftp can't use it
> because it can't force it.
> I tried browsing the code and RPM patches but I was unable to find where this
> disable thing is.
> Does anybody have an idea?

Hello guys,

I think I found something. If we look into the upstream source provided in the
GNUTLS SRPM, we have in the file lib/gnutls_priority.c:

static const int protocol_priority[] = {
  /* GNUTLS_TLS1_2, -- not finalized yet! */

So I guess that even if TLS1.2 is implemented in the CentOS version, the
default priority doesn't allow using TLS1.2.

And I think that lftp doesn't allow forcing this priority; that's why I can't
use TLS1.2 and only at least TLS1.1.

So the question is: can that behaviour be considered an lftp bug or not?