[omniORB] Feature Proposal: Support selecting the TLS protocol version

Duncan Grisby duncan at grisby.org
Sun Jan 21 14:20:39 UTC 2024


On Tue, 2024-01-02 at 14:32 +0000, Weweler, Yves-Noel via omniORB-list
wrote:


> when overriding this in a subclass how would we make it available to
> control from Python?
> Currently I do not see any class that overrides or uses
> set_supported_versions. (Apart from the context itself)

Sorry for the long delay in replying.

You are right, you can't override it from Python. It certainly seems
like a good idea to make this a configuration option, but it must be
done in a way that is binary compatible with existing omniORB versions,
meaning that it needs to be done inside the existing
set_supported_versions virtual function.

There are a few other restrictions:

- For ancient historical reasons, omniORB does not use any STL types,
so you can't use std::map and std::string.

- The OpenSSL functions to set min and max protocol versions were added
in OpenSSL 1.1.0, and there are still important systems out there that
use 1.0.2, so it needs fallback code to use the old mechanism with
SSL_CTX_set_options.

- DTLS is for UDP-based communication, that omniORB does not do, so
versions pertaining to DTLS are irrelevant.

Duncan.

-- 
 -- Duncan Grisby --
  -- duncan at grisby.org --
   -- http://www.grisby.org --
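
The sketch below is an added example, not part of the original message and not omniORB code. It shows one way to meet the three restrictions listed above: a plain table instead of STL containers, an option mask for the OpenSSL 1.0.2 fallback, and no DTLS entries. All identifiers are hypothetical.

```cpp
// Added example, not omniORB code; all identifiers are hypothetical.
// Numeric values repeat those in <openssl/ssl.h> so the block builds without
// OpenSSL installed; real code would include the header and use its macros.
#include <string.h>

struct VersionEntry {
  const char*   name;     // value accepted in configuration
  int           version;  // SSL3_VERSION / TLS1_x_VERSION
  unsigned long no_flag;  // SSL_OP_NO_SSLv3 / SSL_OP_NO_TLSv1_x
};

// Oldest to newest. No DTLS entries: they do not apply to omniORB.
static const VersionEntry versions[] = {
  { "SSLv3",   0x0300, 0x02000000UL },
  { "TLSv1",   0x0301, 0x04000000UL },
  { "TLSv1.1", 0x0302, 0x10000000UL },
  { "TLSv1.2", 0x0303, 0x08000000UL },
  { "TLSv1.3", 0x0304, 0x20000000UL },
};
static const int n_versions = sizeof(versions) / sizeof(versions[0]);
static const int newest_in_102 = 0x0303;  // OpenSSL 1.0.2 stops at TLS 1.2

// C-string lookup with no std::map or std::string. Returns 0 if unknown.
int version_from_name(const char* name) {
  for (int i = 0; i < n_versions; ++i)
    if (strcmp(name, versions[i].name) == 0) return versions[i].version;
  return 0;
}

// Fallback path for OpenSSL 1.0.2: compute the mask to pass to
// SSL_CTX_set_options so that every version outside [min_v, max_v] is
// disabled. A bound of 0 means "not set". Returns false when the range
// leaves no version that 1.0.2 can speak, so the caller can reject it.
// With OpenSSL >= 1.1.0 (OPENSSL_VERSION_NUMBER >= 0x10100000L) the bounds
// go to SSL_CTX_set_min_proto_version / SSL_CTX_set_max_proto_version.
bool fallback_options(int min_v, int max_v, unsigned long& mask) {
  bool usable = false;
  mask = 0;
  for (int i = 0; i < n_versions; ++i) {
    const VersionEntry& e = versions[i];
    // 1.0.2 has no TLS 1.3 and no SSL_OP_NO_TLSv1_3: never set that bit.
    if (e.version > newest_in_102) break;
    if ((min_v && e.version < min_v) || (max_v && e.version > max_v))
      mask |= e.no_flag;
    else
      usable = true;
  }
  return usable;
}
```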



