- New upstream release 1.999 - Make sure we don't use version 0.30 of IO::Socket::IP - Make sure that PeerHost is checked in all places where PeerAddr is checked, because these are synonyms and IO::Socket::IP prefers PeerHost while others prefer PeerAddr; also accept PeerService additionally to PeerPort (https://github.com/noxxi/p5-io-socket-ssl/issues/16) - Add ability to use client certificates and to overwrite hostname with util/analyze-ssl.pl
33 lines
1.3 KiB
Diff
33 lines
1.3 KiB
Diff
--- lib/IO/Socket/SSL.pm
|
|
+++ lib/IO/Socket/SSL.pm
|
|
@@ -83,7 +83,7 @@ my $algo2digest = do {
|
|
# global defaults
|
|
my %DEFAULT_SSL_ARGS = (
|
|
SSL_check_crl => 0,
|
|
- SSL_version => 'SSLv23:!SSLv2',
|
|
+ SSL_version => '',
|
|
SSL_verify_callback => undef,
|
|
SSL_verifycn_scheme => undef, # fallback cn verification
|
|
SSL_verifycn_publicsuffix => undef, # fallback default list verification
|
|
@@ -2054,7 +2054,7 @@ WARN
|
|
|
|
my $ssl_op = Net::SSLeay::OP_ALL();
|
|
|
|
- my $ver;
|
|
+ my $ver = '';
|
|
for (split(/\s*:\s*/,$arg_hash->{SSL_version})) {
|
|
m{^(!?)(?:(SSL(?:v2|v3|v23|v2/3))|(TLSv1(?:_?[12])?))$}i
|
|
or croak("invalid SSL_version specified");
|
|
--- lib/IO/Socket/SSL.pod
|
|
+++ lib/IO/Socket/SSL.pod
|
|
@@ -912,7 +912,8 @@ recent versions of Net::SSLeay and opens
|
|
|
|
You can limit to set of supported protocols by adding !version separated by ':'.
|
|
|
|
-The default SSL_version is 'SSLv23:!SSLv2' which means, that SSLv2, SSLv3 and
|
|
+The default SSL_version is defined by underlying cryptographic library.
|
|
+For example, 'SSLv23:!SSLv2' means that SSLv2, SSLv3 and TLSv1
|
|
TLSv1 are supported for initial protocol handshakes, but SSLv2 will not be
|
|
accepted, leaving only SSLv3 and TLSv1. You can also use !TLSv1_1 and !TLSv1_2
|
|
to disable TLS versions 1.1 and 1.2 while allowing TLS version 1.0.
|