Re: TLSv1.3 support for 2.4.x?
On Tue, Sep 11, 2018 at 10:42:02AM +0200, Stefan Eissing wrote:
> > On 10.09.2018 at 10:59, Joe Orton <jorton@xxxxxxxxxx> wrote:
> > http://svn.apache.org/viewvc?view=revision&revision=1828220
> > - I think this is merged in the branch slightly differently?
> I think this overlaps with a subsequent change of SSL_HAVE_PROTOCOL_TLSV1_3 vs. SSL_OP_NO_TLSv1_3? Feel free to fix this as you think it's best.
Probably just need to mark it merged, ignore this for now.
> > http://svn.apache.org/viewvc?view=revision&revision=1828790
> > http://svn.apache.org/viewvc?view=revision&revision=1828791
> > http://svn.apache.org/viewvc?view=revision&revision=1828792
> > - I think these should be merged too?
> Just done. Thanks!
Thanks a lot.
Does anybody have successful test results with post-handshake auth? I'm
testing against Fedora's OpenSSL 1.1.1pre9 which has merged the changes
I'm not able to get a successful PHA exchange, even with a client which
explicitly enables PHA. It seems like the test suite will be broken
until the Perl stack is patched to enable PHA somehow, which is a
massive headache AFAICT.
Without the SSL_peek(ssl, peekbuf, 0) after SSL_do_handshake(), OpenSSL
is sending the CertificateRequest to the client but doesn't wait to read
the response. With the SSL_peek() call I think it successfully
completes the "handshake" (and gets the cert) but then hangs waiting for
app_data which is never coming, and eventually times out. Anybody got