s4 with older GNUTLS

Andrew Bartlett abartlet at samba.org
Sun Aug 30 23:10:49 UTC 2015

On Sun, 2015-08-30 at 19:13 +0200, Matthias Dieter Wallnöfer wrote:
> I need the attached patch to make s4 work with an older GNUTLS 
> library,
> which does not provide any gnutls_priority...() calls.

Sadly we need a way to turn off SSLv3, and without that call we are
unable to.

However, this patch made Garming and I realise that we had unused code
in lib/tls/tls.c and that the web server, which is largely unused but
still present, was still supporting SSLv3, against the WHATSNEW

So we can consider the consequences, what systems use the older

In the meantime, a patch to fix up the web server to turn of SSLv3 is
now in autobuild.


Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   

More information about the samba-technical mailing list