Irssi core bugs

  • Status Closed
  • Percent Complete
  • Task Type Bug Report
  • Category core
  • Assigned To No-one
  • Operating System Linux
  • Severity Medium
  • Priority Normal
  • Reported Version irssi 0.8.15
  • Due in Version Undecided
  • Due Date Undecided
  • Votes 0
  • Private No
Attached to Project: Irssi core bugs
Opened by pi-rho (pi-rho) - 2012-03-28
Last edited by Emanuele Giaquinta (ayin) - 2012-06-24

FS#841 - r5136 (Bazerka, "disable SSLv2") breaks TLS v1.1 servers

According to OpenSSL library documentation[1], calling SSL_CTX_set_options with SSL_OP_NO_SSLv2 is sufficient to disable SSLv2. ORing that value with SSL_OP_ALL turns on a whole host of workarounds. These workarounds actually degrade the security of OpenSSL. A side-effect is that it breaks modern TLSv1.1.

With SSL_OP_ALL | SSL_OP_NO_SSLv2, connecting to a TLS v1.1 server using FIPS algorithms results in "unknown protocol" (Attached: irssi-r5136.patch)

With SSL_OP_NO_SSLv2, connecting to a TLSv1.1 server is successful (Attached: irssi-r5136-revised.patch)

[1] OpenSSL Documentation, SSL_CTX_set_options:

This task does not depend on any other tasks.

Closed by Emanuele Giaquinta (ayin)
Sunday, 24 June 2012, 10:57 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed in r5216.