eSeGeCe
software
We have some old certificates that does not comply with the default minimum security level in openssl 3. Loading these certificates is rejected by openssl 3.
We have then tried to set SSLOptions.CipherList = 'DEFAULT:@SECLEVEL=0', but that does not work either.
We have then modified the sgcIdSSLOpenSSL.pas to call SSL_CTX_set_cipher_list prior to loading the certificates and now it works.
This looks like an error in sgcIdSSLOpenSSL.pas, since the CipherList content is also used to set the security level which influences the loading of certificates and should be corrected.
We have then tried to set SSLOptions.CipherList = 'DEFAULT:@SECLEVEL=0', but that does not work either.
We have then modified the sgcIdSSLOpenSSL.pas to call SSL_CTX_set_cipher_list prior to loading the certificates and now it works.
This looks like an error in sgcIdSSLOpenSSL.pas, since the CipherList content is also used to set the security level which influences the loading of certificates and should be corrected.
Hello,
I've published a new beta to address this issue, now the function SSL_CTX_set_cipher_list is called before loading the certificates. Thanks for the feedback.
Kind Regards,
Sergio
I've published a new beta to address this issue, now the function SSL_CTX_set_cipher_list is called before loading the certificates. Thanks for the feedback.
Kind Regards,
Sergio
Hello,
I'll dig into the openssl documentation to check this issue and provide a fix if required. I'll get back to you with a response.
Thanks for the feedback.
Kind Regards,
Sergio
I'll dig into the openssl documentation to check this issue and provide a fix if required. I'll get back to you with a response.
Thanks for the feedback.
Kind Regards,
Sergio
- Page :
- 1
There are no replies made for this post yet.