FS#30716 - [perl-io-socket-ssl] Recent upgrade misses SSL_Version initialisation
Attached to Project:
Arch Linux
Opened by Volker Schmidt (connaisseur) - Tuesday, 17 July 2012, 05:27 GMT
Last edited by Eric Belanger (Snowman) - Saturday, 25 August 2012, 23:58 GMT
Opened by Volker Schmidt (connaisseur) - Tuesday, 17 July 2012, 05:27 GMT
Last edited by Eric Belanger (Snowman) - Saturday, 25 August 2012, 23:58 GMT
|
Details
Description:
Perl scripts having trouble using perl-io-socket-ssl when SSL_version is uninitialized. Additional info: * perl-io-socket-ssl-1.76-1-any Steps to reproduce: While sending SSL-protected email with "sendEmail" <https://aur.archlinux.org/packages.php?ID=7335> barfs with SSV_Version errrors. Found a quick fix on the net, which I append. |
This task depends upon
Closed by Eric Belanger (Snowman)
Saturday, 25 August 2012, 23:58 GMT
Reason for closing: Upstream
Additional comments about closing: see comment
Saturday, 25 August 2012, 23:58 GMT
Reason for closing: Upstream
Additional comments about closing: see comment
From SSL.pm:
---------------------------
=item SSL_version
Sets the version of the SSL protocol used to transmit data. 'SSLv23' auto-negotiates
between SSLv2 and SSLv3, while 'SSLv2', 'SSLv3' or 'TLSv1' restrict the protocol
to the specified version. All values are case-insensitive.
You can limit to set of supported protocols by adding !version separated by ':'.
The default SSL_version is 'SSLv23:!SSLv2' which means, that SSLv2, SSLv3 and TLSv1
are supported for initial protocol handshakes, but SSLv2 will not be accepted, leaving
only SSLv3 and TLSv1. You can also use !TLSv11 and !TLSv12 to disable TLS versions
1.1 and 1.2 while allowing TLS version 1.0.
---------------------------
I'm not sure if it's a good idea to change the default (maybe AUR should support SSLv3). Or to what to change it if we decide to change it. Maybe 'SSLv23' would be the best value.