Ticket Change Details

Artifact ID: be20e14a0986228512b46b613cd3c827b5d44071e9b054a81b3ceb4fce4634fb
Ticket: 305ee10b8666aa7a3107dc2f1a62b2c3abe35353
support of openssl options in tls:init
User & Date: anonymous 2021-09-29 08:34:09

  1. Change foundin to "1.7.22"
  2. Change icomment to:

    In some cases it is required to change openssl options running tcltls. There may be more and other options as I need and describe here.

    E.g. running tclhttpd with tcltls needs openssl to change client to server cipher order to pass SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30) as grade A.

    I don't know a better way as to add SSL_OP_CIPHER_SERVER_PREFERENCE to tcl.c but would prefer to have an option in ::tls::init

    tls.c:1215 SSL_CTX_set_options( ctx, SSL_OP_ALL | SSL_OP_CIPHER_SERVER_PREFERENCE ); /* all SSL bug workarounds */

  3. Change login to "anonymous"
  4. Change mimetype to "text/x-markdown"
  5. Change private_contact to "8dda71963bd5edcf76271381ede4f2d7ca6cd4b3"
  6. Change severity to "Important"
  7. Change status to "Open"
  8. Change title to "support of openssl options in tls:init"
  9. Change type to "Feature Request"