~cadence/bliz-devel

This thread contains a patchset. You're looking at the original emails, but you may wish to use the patch review UI. Review patch
1

[PATCH] Use only TLS 1.2

Paper
Details
Message ID
<20210102114658.19273-1-paper@tilde.institute>
DKIM signature
missing
Download raw message
Patch: +1 -1
---
 main.fish | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main.fish b/main.fish
index 00273ab..97be7e7 100755
--- a/main.fish
+++ b/main.fish
@@ -3,4 +3,4 @@
source src/config.fish
source src/includes.fish

socat openssl-listen:1965,cert=certs/cert.pem,key=certs/key.pem,verify=0,reuseaddr,fork exec:"fish src/cgi.fish"
socat openssl-listen:1965,cert=certs/cert.pem,key=certs/key.pem,method=TLS1.2,verify=0,reuseaddr,fork exec:"fish src/cgi.fish"
-- 
2.30.0
Details
Message ID
<20210103010709.5c241c6b2f116eac6b7d2fa5@disroot.org>
In-Reply-To
<20210102114658.19273-1-paper@tilde.institute> (view parent)
DKIM signature
pass
Download raw message
The spec:

> Servers MUST use TLS version 1.2 or higher and SHOULD use TLS
> version 1.3 or higher. TLS 1.2 is reluctantly permitted for now to
> avoid drastically reducing the range of available implementation
> libraries. Hopefully TLS 1.3 or higher can be specced in the near
> future. Clients who wish to be "ahead of the curve MAY refuse to
> connect to servers using TLS version 1.2 or lower.

Does this option also allow connections through TLS 1.3 (if socat even
supports them at all) ?
Reply to thread Export thread (mbox)