[Nagiosplug-devel] New release planned next week
Holger Weiß
holger at cis.fu-berlin.de
Mon Sep 16 14:54:18 CEST 2013
* Jochen Bern <Jochen.Bern at LINworks.de> [2013-09-16 13:58]:
> Sorry for the late reply, haven't gotten around to testing 'til today -
> and while (still) preparing to test, I found that I had written a mini
> patch for 4.1.16 (sslutils.c and a proof-of-concept use in check_http.c)
> so that you can not only force a specific SSL version
> (SSLv2/SSLv3/TLSv1), but also *exclude* just one of the three instead.
With newer OpenSSL releases, the semantics are a bit weirdo:
| In order to ensure interoperability SSL_OP_NO_protocolX does not disable
| just protocol X, but all protocols above X *if* there are protocols
| *below* X still enabled.
[ http://www.openssl.org/news/changelog.html ]
But I guess I'd rather not try to document this in check_http's --help
output.
More importantly, I guess other users might want to combine e.g.
SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3, so maybe we should support this?
Holger
More information about the Devel
mailing list