New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[dev.icinga.com #11292] ApiListener: Make minimum TLS version configurable #3999
Comments
Updated by tobiasvdk on 2016-03-03 13:37:54 +00:00
|
Updated by tobiasvdk on 2016-03-03 13:38:28 +00:00
|
Updated by tobiasvdk on 2016-03-03 13:38:33 +00:00
|
Updated by kobmaki on 2016-04-16 18:21:36 +00:00 Will be implement and PR will be send after the feature #11063. |
Updated by kobmaki on 2016-08-01 04:02:02 +00:00
Attach is the patch for configuration the tls-minimum protocol. |
Updated by kobmaki on 2016-08-03 05:50:04 +00:00
Applied in changeset b2ac05a. |
Updated by mfriedrich on 2016-08-03 07:36:41 +00:00
|
Updated by mfriedrich on 2016-08-05 13:54:10 +00:00
That patch breaks the el5 builds.
|
Updated by kobmaki on 2016-08-06 11:15:20 +00:00 On the build server, I can see the break. https://build.icinga.org/job/icinga2-centos-package/lastBuild/ The build server show that a boost153 library is used. These libs are available from http://packages.icinga.org/ . But the distribution has only boost up to version 1.48 available. The used compiler looks newer than the gcc (latest gcc44) and distcc is used. Some link compile options failed, as they are not recognize. E.g.
For compiling I use the gcc/**
How could I fix the broken ld option? --no-export-dynamic How could I disable the compile option or upgrade the gcc by adding a new repo to centos5? |
Updated by gbeutner on 2016-08-08 13:21:40 +00:00
|
Updated by mfriedrich on 2016-08-08 13:27:31 +00:00 |
Updated by gbeutner on 2016-08-08 13:28:20 +00:00
|
Updated by gbeutner on 2016-08-08 13:48:55 +00:00 Fixed in 231fd8d. |
Updated by gbeutner on 2016-08-18 08:22:07 +00:00
|
This issue has been migrated from Redmine: https://dev.icinga.com/issues/11292
Created by tobiasvdk on 2016-03-03 13:37:53 +00:00
Assignee: gbeutner
Status: Resolved (closed on 2016-08-08 13:28:20 +00:00)
Target Version: 2.5.0
Last Update: 2016-08-08 13:48:55 +00:00 (in Redmine)
In OpenSSL 1.1.0 there is the function "
SSL_CTX_set_min_proto_version
" "[1]":https://www.openssl.org/docs/manmaster/ssl/SSL\_CTX\_set\_min\_proto\_version.html to specify the minimum supported protocol version. For lower OpenSSL versions this needs to be implemented, afaik.[1] https://www.openssl.org/docs/manmaster/ssl/SSL\_CTX\_set\_min\_proto\_version.html
Attachments
Changesets
2016-08-03 05:46:50 +00:00 by kobmaki b2ac05a
2016-08-04 04:34:47 +00:00 by gbeutner bd3660f
2016-08-08 13:27:16 +00:00 by gbeutner 231fd8d
Relations:
The text was updated successfully, but these errors were encountered: