Artifacts Associated With Ticket 305ee10b8666aa7a

1. Ticket change [be20e14a09] (rid 1566) by anonymous on 2021-09-29 08:34:09:

   1. foundin initialized to: "1.7.22"
   2. icomment:

      In some cases it is required to change openssl options running tcltls. There may be more and other options as I need and describe here.
      
      E.g. running tclhttpd with tcltls needs openssl to change client to server cipher order to pass SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30) as grade A.
      
      I don't know a better way as to add SSL_OP_CIPHER_SERVER_PREFERENCE to tcl.c but would prefer to have an option in ::tls::init
      
      tls.c:1215    SSL_CTX_set_options( ctx, SSL_OP_ALL | SSL_OP_CIPHER_SERVER_PREFERENCE );	/* all SSL bug workarounds */
      

   3. login: "anonymous"
   4. mimetype: "text/x-markdown"
   5. private_contact initialized to: "8dda71963bd5edcf76271381ede4f2d7ca6cd4b3"
   6. severity initialized to: "Important"
   7. status initialized to: "Open"
   8. title initialized to: "support of openssl options in tls:init"
   9. type initialized to: "Feature Request"

2. Ticket change [a2bbedc6f5] (rid 1567) by anonymous on 2021-09-29 08:42:00:

   1. icomment:

      Of cause the added line should be 
      
      tls.c:1215 
      SSL_CTX_set_options( ctx, SSL_OP_CIPHER_SERVER_PREFERENCE );	/* force cipher order selection by server */
      

   2. login: "anonymous"
   3. mimetype: "text/x-markdown"
   4. priority changed to: "Immediate"
   5. resolution changed to: "Open"

3. Ticket change [21a8a47206] (rid 3697) by bohagan on 2024-06-29 01:34:20:

   1. icomment:

      This issue was fixed in commit [ba1403b62cb1bcd5]. Rather than a new option, the
      server order was made the default. This is the recommended approach to ensure the
      best ciphers are used.
      

   2. login: "bohagan"
   3. mimetype: "text/x-fossil-plain"
   4. resolution changed to: "Fixed"
   5. status changed to: "Closed"