Check-in [ba1403b62c]
EuroTcl/OpenACS 11 - 12 JULY 2024, VIENNA
Overview
Comment:Use server cipher preference order. Source: https://sourceforge.net/p/tls/bugs/60/ and https://www.androwish.org/home/info/5718c3eb47cced4d and https://core.tcl-lang.org/tcltls/tktview/305ee10b86
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: ba1403b62cb1bcd5bd4794b38b67411450173ac74b720827f973a1f825ddee5e
User & Date: bohagan on 2023-04-23 03:34:19
Other Links: manifest | tags
Context
2023-04-23
04:49
Starkit fix to add current library names to tls.tcl starkit load function. Source: https://sourceforge.net/p/tls/bugs/55/ and https://sourceforge.net/p/tls/bugs/44/ check-in: c9cb1a525d user: bohagan tags: trunk
03:34
Use server cipher preference order. Source: https://sourceforge.net/p/tls/bugs/60/ and https://www.androwish.org/home/info/5718c3eb47cced4d and https://core.tcl-lang.org/tcltls/tktview/305ee10b86 check-in: ba1403b62c user: bohagan tags: trunk
02:36
Applied patch to add OpenSSL3 KTLS trivial processing. Description: Patch adds trivial processing for BIO_CTRL_GET_KTLS_SEND and BIO_CTRL_GET_KTLS_RECV control commands to make tcltls working with OpenSSL 3.0. See also: - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006587 - https://bugzilla.redhat.com/show_bug.cgi?id=2088363 Source: https://sources.debian.org/src/tcltls/1.7.22-3/debian/patches/openssl3.patch check-in: 6f19aa6623 user: bohagan tags: trunk
Changes

Modified tls.c from [07454bb7bd] to [9adcbda92a].

1238
1239
1240
1241
1242
1243
1244




1245
1246
1247
1248
1249
1250
1251
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255







+
+
+
+







	SSL_CTX_set_keylog_callback(ctx, KeyLogCallback);
    }

#if !defined(NO_TLS1_3) && !defined(OPENSSL_NO_TLS1_3)
    if (proto == TLS_PROTO_TLS1_3) {
        SSL_CTX_set_min_proto_version (ctx, TLS1_3_VERSION);
        SSL_CTX_set_max_proto_version (ctx, TLS1_3_VERSION);

	if (!isServer) {
	    SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
	}
    }
#endif
    
    SSL_CTX_set_app_data( ctx, (void*)interp);	/* remember the interpreter */
    SSL_CTX_set_options( ctx, SSL_OP_ALL);	/* all SSL bug workarounds */
    SSL_CTX_set_options( ctx, off);	/* all SSL bug workarounds */
#if OPENSSL_VERSION_NUMBER < 0x10101000L