You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Sander Temme <sa...@temme.net> on 2005/01/03 20:10:22 UTC
Re: [1.3 PATCH] Select SSL version on ab command line
On Dec 21, 2004, at 1:03 PM, Sander Temme wrote:
>
> On Dec 21, 2004, at 11:21 AM, William A. Rowe, Jr. wrote:
>
>> Can we use a separate flag to specific protocol version?
>
> To address both your and André's response, yes we can. I even found an
> unused letter that makes sense: -m for 'method'. And yes, I'll do a
> 2.1 patch. The reason my personal itch was with the 1.3 ab is that it
> defaults to SSLv2 and my company's product doesn't support SSLv2.
Now that the holidays are over:
<Tickle>
If we (as a community) don't want to put that kind of work into ab,
especially 1.3 ab, I totally understand. In that case, I would like you
to consider the following one-line patch that just makes ab negotiate
the highest SSL version available rather than finding itself stuck at
the obsolete SSL version 2:
Index: src/support/ab.c
===================================================================
--- src/support/ab.c (revision 124022)
+++ src/support/ab.c (working copy)
@@ -1655,7 +1655,7 @@
#ifdef USE_SSL
SSL_library_init();
- if (!(ctx = SSL_CTX_new(SSLv2_client_method()))) {
+ if (!(ctx = SSL_CTX_new(SSLv23_client_method()))) {
fprintf(stderr, "Could not init SSL CTX: ");
ERR_print_errors_fp(stderr);
exit(1);
Thanks!
S.
--
sander@temme.net http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF