|
2024-06-29
| ||
| 01:34 | • Closed ticket [305ee10b86]: support of openssl options in tls:init plus 4 other changes artifact: 21a8a47206 user: bohagan | |
|
2021-09-29
| ||
| 08:42 | • Ticket [305ee10b86]: 5 changes artifact: a2bbedc6f5 user: anonymous | |
| 08:34 | • New ticket [305ee10b86]. artifact: be20e14a09 user: anonymous | |
| Ticket Hash: | 305ee10b8666aa7a3107dc2f1a62b2c3abe35353 | |||||
| Title: | support of openssl options in tls:init | |||||
| Status: | Closed | Type: | Feature Request | |||
| Severity: | Important | Priority: | Immediate | |||
| Subsystem: | Resolution: | Fixed | ||||
| Last Modified: | 2024-06-29 01:34:20 | |||||
| Version Found In: | 1.7.22 | |||||
| User Comments: | ||||||
|
anonymous added on 2021-09-29 08:34:09:
In some cases it is required to change openssl options running tcltls. There may be more and other options as I need and describe here. E.g. running tclhttpd with tcltls needs openssl to change client to server cipher order to pass SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30) as grade A. I don't know a better way as to add SSL_OP_CIPHER_SERVER_PREFERENCE to tcl.c but would prefer to have an option in ::tls::init
anonymous added on 2021-09-29 08:42:00: Of cause the added line should be tls.c:1215 SSL_CTX_set_options( ctx, SSL_OP_CIPHER_SERVER_PREFERENCE ); /* force cipher order selection by server */ bohagan added on 2024-06-29 01:34:20: This issue was fixed in commit [ba1403b62cb1bcd5]. Rather than a new option, the server order was made the default. This is the recommended approach to ensure the best ciphers are used. | ||||||