OpenSSL in ext/openssl hasn't been touched in three years. At the same time, TLS1.2 is currently configured as the maximum version. Judging from the commit messages, it is currently v1.0.2l from may 2017.
I would love to see this updated to a recent version, and especially deactivating TLSv1.0 and TLSv1.1 (maybe even enabling TLSv1.3 along the way).
Also, I believe, references to "SSL" in the user interface should really be updated to say "TLS" as well.
ccoenen
All 5 comments
OpenSSL is in progress of being updated.
shymega
on 4 Oct 2020
Unfortunately, I can't release anymore information on that front because of the way its been handled. I think I can't anyway... but with the UI part, I think I can push a commit for that :)
EDIT: Just looking at it now though - I can only really edit the English translation for that part of the UI. There's a fair bit of unfinished translations for the SSL text references on the UI, and other elements.
I'll edit the English translation for now.
shymega
on 4 Oct 2020
Actually, now that I think about it.. I'm not sure if we even use TLS in Barrier. :/
shymega
on 4 Oct 2020
Oops. Yeah, we don't. Should have realised - gonna go close #901, and we can reopen and merge once we have TLS support... sorry for the confusion.
shymega
on 4 Oct 2020
Actually, now that I think about it.. I'm not sure if we even use TLS in Barrier. :/
My client inists (via log) that it connects via TLS 1.2
connecting to ...
...
"connected to secure socket"
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
I would have assumed that this means it's connected via this cipher suite?
ccoenen
on 5 Oct 2020
Related issues
elig0n
路
3Comments
geraldvillorente
路
4Comments
TheCire
路
4Comments
raffimohammed
路
3Comments
fredlllll
路
5Comments
Most helpful comment
OpenSSL is in progress of being updated.