[Libwebsockets] OpenSSL 1.1.0c

Andy Green andy at warmcat.com
Tue Mar 21 22:51:18 CET 2017



On March 22, 2017 3:04:39 AM GMT+08:00, Joel Winarske <joel.winarske at gmail.com> wrote:
>My fix is to replace SSLv3_client_method() with TLS_client_method().

It's the right way, but Fedora 25 OpenSSL currently doesn't have that, he has TLSv1_2_... so I switched to that in master.  It's a bit tricky still trying to work with old OpenSSL and newer OpenSSL that marks the things the old ones want to use as deprecated.

I only changed this from SSLv23_... a few hours ago on master because the OpenSSL compatibility shim for mbedtls on ESP32 lacks that... 

By chance I looked at the implementation of this in boringssl recently for a job, they all alias on to one of the TLS... ones there anyway.

-Andy

>On Tue, Mar 21, 2017 at 11:23 AM, Joel Winarske
><joel.winarske at gmail.com>
>wrote:
>
>> Hi Andy,
>>
>> When building with OpenSSL 1.1.0c I get deprecation error after I
>rebuild
>> OpenSSL to enable SSLv3:
>>
>> error: ‘SSLv3_client_method’ is deprecated [-Werror=deprecated-
>> declarations]
>>   method = (SSL_METHOD *)SSLv3_client_method();
>>
>>
>> In the docs it has:
>>
>> The SSLv2 and SSLv3 protocols are deprecated and should generally not
>be
>> used. Applications should typically use SSL_CTX_set_options
>> <https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html>
>in
>> combination with the SSL_OP_NO_SSLv3 flag to disable negotiation of
>SSLv3
>> via the above version-flexible SSL/TLS methods. The SSL_OP_NO_SSLv2
>option
>> is set by default, and would need to be cleared via
>SSL_CTX_clear_options
>>
><https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_clear_options.html>
>in
>> order to enable negotiation of SSLv2.
>>
>> Is this something you are planning to update?  I need this OpenSSL
>version
>> for use with nghttp2.
>>
>>
>> Thanks,
>> Joel
>>



More information about the Libwebsockets mailing list