On Tue, Apr 17, 2012 at 08:18:45PM +0200, Kurt Roeckx wrote:

> > I think I found the problem. In irssi's network-openssl.c:409
> > 
> >    SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
> > 
> > In the latest versions of OpenSSL, SSL_OP_ALL includes
> > SSL_OP_NO_TLSv1_1.
> 
> So you mean with a rebuild you pass new options, and with the new
> options it works?

Now I really found it, it's actually the other way around.

In OpenSSL 1.0.0e-2:

#define SSL_OP_ALL 0x80000FFFL

In OpenSSL 1.0.1-4:

#define SSL_OP_ALL 0x80000BFFL
#define SSL_OP_NO_TLSv1_1 0x00000400L

   (0x80000BFFL + 0x00000400L == 0x80000FFFL)

So the former macro sets the 0x400 bit, which is not used in that
version. However, in more recent versions of OpenSSL that bit disables
support for TLS 1.1.

Summarizing: you'll have the TLS 1.1 support disabled depending on the
version you compiled your code with.

That sounds like ABI breakage to me.

Berto
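
The bit arithmetic in the message above, as an added example that is not part of the original message or of irssi/OpenSSL code. The shortened macro names and the helpers `op_all_drift` and `decode_options` are hypothetical, and the `SSL_OP_NO_SSLv2` value is taken from OpenSSL headers of that era rather than from the message.

```c
#include <stdio.h>
#include <string.h>

/* Values quoted in the message above. */
#define OP_ALL_1_0_0E  0x80000FFFUL  /* SSL_OP_ALL, OpenSSL 1.0.0e-2 */
#define OP_ALL_1_0_1   0x80000BFFUL  /* SSL_OP_ALL, OpenSSL 1.0.1-4 */
#define OP_NO_TLSV1_1  0x00000400UL  /* SSL_OP_NO_TLSv1_1, OpenSSL 1.0.1-4 */
#define OP_NO_SSLV2    0x01000000UL  /* not in the message; assumed from OpenSSL headers */

/* Protocol-disabling options as a 1.0.1-4 runtime library interprets them. */
static const struct { unsigned long bit; const char *name; } runtime_ops[] = {
    { OP_NO_TLSV1_1, "SSL_OP_NO_TLSv1_1" },
    { OP_NO_SSLV2,   "SSL_OP_NO_SSLv2"   },
};

/* Bits the build-time SSL_OP_ALL carries that the runtime SSL_OP_ALL does not. */
unsigned long op_all_drift(unsigned long build_all, unsigned long runtime_all)
{
    return build_all & ~runtime_all;
}

/* Write into buf the runtime names of options set in mask; return how many. */
int decode_options(unsigned long mask, char *buf, size_t len)
{
    int n = 0;
    buf[0] = '\0';
    for (size_t i = 0; i < sizeof runtime_ops / sizeof runtime_ops[0]; i++) {
        if (!(mask & runtime_ops[i].bit))
            continue;
        if (n++)
            strncat(buf, " ", len - strlen(buf) - 1);
        strncat(buf, runtime_ops[i].name, len - strlen(buf) - 1);
    }
    return n;
}

int main(void)
{
    char names[64];
    /* irssi's call is SSL_OP_ALL | SSL_OP_NO_SSLv2; SSL_OP_ALL is fixed at build time. */
    unsigned long old_build = OP_ALL_1_0_0E | OP_NO_SSLV2;
    unsigned long rebuilt   = OP_ALL_1_0_1  | OP_NO_SSLV2;
    printf("drift: 0x%lx\n", op_all_drift(OP_ALL_1_0_0E, OP_ALL_1_0_1));
    decode_options(old_build, names, sizeof names);
    printf("built against 1.0.0e-2: %s\n", names);
    decode_options(rebuilt, names, sizeof names);
    printf("rebuilt against 1.0.1-4: %s\n", names);
    return 0;
}
```

The same source line yields two different effective option sets on a 1.0.1-4 runtime, depending only on which headers the binary was compiled against.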


