[Remops] QSL 1.0.8
richard at quicksilvermail.net
richard at quicksilvermail.net
Sat Nov 29 20:39:35 GMT 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi All!
Since I last wrote I have implemented the cipher suite that Elvis
proposed:
ALL:!ADH:!MD5:!SSLv3:+TLSv1.2:@STRENGTH
Of course, nothing is ever easy!
Once installed the suite caused this exception on every site I tried:
InitSSLConnection: error:140830B5:SSL routines:SSL3_CLIENT_HELLO:no
ciphers available
After banging my head against this for a few days, it occurred to me
that including !SSLv3 might have also disabled TLS in this particular
component. So I changed !SSLv3 to !SSLv2:
ALL:!ADH:!MD5:!SSLv2:+TLSv1.2:@STRENGTH
I believe this should not be a problem since the SSL context itself
provides options for disabling SSLv2 and/or SSLv3 and/or TLS. I disabled
SSLv3. I also disabled SSLv2 for good measure. This setup works great.
Every SSL site I tried worked except...JeremySSL. I could not get it to
work no matter what. It always fails with:
ERROR: 10053 SSL handshake failed
I put plenty of time into this problem without success, so I changed the
plan. There are no other SSL enabled sites in bergman's allpingers.txt,
so I chose mixmin4096, based on Steve's longevity. I would be happy to
pursue jeremy's problem further, either now or for the next release. If
you would like that, let me know.
I have this project complete and can release it tomorrow. I'm thinking
that you'd like to see it released asap. Me too.
Regards,
Richard
-----BEGIN PGP SIGNATURE-----
Version: N/A
iQIcBAEBAgAGBQJUejCvAAoJEJxtYUVddaeiSSIP/AgoDwOyE1ntyV36hS8Tso4M
RXaNqREK65ZbdlrSJGCiI0mNLjBvr8XpfvjSfG/x8pr6yaA4mR9Ol6Aga27mt+78
B9zaa07EsPsCK4MRnzXrH5VhK/7QPttsgC6X/m4NkYGYV4uxhTADngj/k9AQVHDx
mC0Mtb1lrgQnATLBXAyo7/aeZ/UtBOXGcTpyGLg1IrXakb+p6Ya67RSqpXwKa3Ki
sFAbPd/4Wn7mx4Tug2D8rcQ+AFko/jgQ5GJzaKL2lNAweIGfbiqGDkH24IRfw6+9
YwkNOFFpF1MfilPNeFgAnFVuQ4JCAaamEdTd+s6EUqduOpGxeXoknua7PL2o4BNd
XvdWRK4YCd3D16xe097alt3/i/mdlmy43LzHZGTIwpazZgxZ5Kyip+v1GcBqpJ1L
lSsasg7OHdxfH7ksIS0amLywKCwGO3c6uLvx7pDqPlYBWyOiO+qIUCegckKJVdX3
zIrx7n1bg/wJCENhEdBo1zUbV8L91BU5orTFrzS/NvSKcLAYdMt9TrkQDz8Aa/TJ
3y37F2xMb5im5DdzrnDeOFWKt9EAJBEkrwIQ8InvoVLoDlZRF9TgMutnibkWe8Xk
jYtHAafHgkZRgfOqsZozaE3B3GK5IpyuiFfOWDYHpeTmm8N3r8R8hHyqCM6sZ8w3
ILnk1uxmS/T2nMZ0MEAl
=kLE4
-----END PGP SIGNATURE-----
More information about the Remops
mailing list