[Nagiosplug-devel] New release planned next week

Holger Weiß holger at cis.fu-berlin.de
Mon Sep 16 14:54:18 CEST 2013


* Jochen Bern <Jochen.Bern at LINworks.de> [2013-09-16 13:58]:
> Sorry for the late reply, haven't gotten around to testing 'til today -
> and while (still) preparing to test, I found that I had written a mini
> patch for 4.1.16 (sslutils.c and a proof-of-concept use in check_http.c)
> so that you can not only force a specific SSL version
> (SSLv2/SSLv3/TLSv1), but also *exclude* just one of the three instead.

With newer OpenSSL releases, the semantics are a bit weirdo:

| In order to ensure interoperability SSL_OP_NO_protocolX does not disable
| just protocol X, but all protocols above X *if* there are protocols
| *below* X still enabled.

[ http://www.openssl.org/news/changelog.html ]

But I guess I'd rather not try to document this in check_http's --help
output.

More importantly, I guess other users might want to combine e.g.
SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3, so maybe we should support this?

Holger
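
The rule quoted from the OpenSSL changelog above, modelled in C as an added example (not part of the original message, the posted patch, or OpenSSL itself). The flag bits and the names `effective_protocols` and `drops_unrequested` are constructed for this example and are not the values of OpenSSL's `SSL_OP_NO_*` macros; only the three protocols named in the thread are modelled.

```c
#include <stdio.h>

/* Constructed flag bits for this model only; these are NOT the values of
 * OpenSSL's SSL_OP_NO_* macros. Protocols are ordered lowest to highest. */
enum { NO_SSLV2 = 1u << 0, NO_SSLV3 = 1u << 1, NO_TLSV1 = 1u << 2 };
#define NPROTO 3
static const char *const proto_name[NPROTO] = { "SSLv2", "SSLv3", "TLSv1" };

/* Return a bitmask (bit i = protocol i) of the protocols that remain usable
 * under the quoted rule: starting from the lowest protocol still enabled,
 * the usable range ends at the first excluded protocol above it. */
unsigned effective_protocols(unsigned no_mask)
{
    unsigned usable = 0;
    int i = 0;

    while (i < NPROTO && (no_mask & (1u << i)))   /* skip excluded low end */
        i++;
    for (; i < NPROTO && !(no_mask & (1u << i)); i++)
        usable |= 1u << i;                        /* contiguous run only */
    return usable;
}

/* Nonzero when the mask also drops a protocol the caller never excluded. */
int drops_unrequested(unsigned no_mask)
{
    unsigned requested = ~no_mask & ((1u << NPROTO) - 1);
    return effective_protocols(no_mask) != requested;
}

static void show(const char *label, unsigned no_mask)
{
    unsigned usable = effective_protocols(no_mask);
    printf("%-20s ->", label);
    for (int i = 0; i < NPROTO; i++)
        if (usable & (1u << i))
            printf(" %s", proto_name[i]);
    printf("%s\n", drops_unrequested(no_mask) ? "  (more was disabled)" : "");
}

int main(void)
{
    show("exclude SSLv2", NO_SSLV2);
    show("exclude SSLv3", NO_SSLV3);
    show("exclude TLSv1", NO_TLSV1);
    show("exclude SSLv2|SSLv3", NO_SSLV2 | NO_SSLV3);
    return 0;
}
```

Under this model, excluding only SSLv3 leaves SSLv2 as the sole usable protocol, while the combined SSLv2|SSLv3 exclusion leaves exactly TLSv1.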



