"Hiroshi Miura(@osmf)" miurahr@osmf.jp writes:
OpenSSL 1.0.x now support TLSv1.1 and TLSv1.2. Sometimes TLSv1.1/1.2 negotiation fails because of combination of server/client ssl library versions. It fixes the error connecting Evernote server with evernote client. http://bugs.winehq.org/show_bug.cgi?id=30598
It has a mechanism to fallback to SSLv3/TLSv1 when fails with TLSv1.1/1.2.
It has also mechanism enable/disable TLSv1.1/1.2 by registry entry under SYSTEM/CurrentControlSet/Control/SecurityProvider/SCHANNEL/Protocols/ where is as same place as Windows7. TLSv1.1/1.2 is enabled when the registry entry does not exist.
It doesn't build on older openssl:
gcc -m32 -c -I. -I. -I../../include -I../../include -D__WINESRC__ -D_WINX32_ -D_REENTRANT -fPIC -Wall -pipe -fno-strict-aliasing -Wdeclaration-after-statement -Wstrict-prototypes -Wwrite-strings -gstabs+ -fno-omit-frame-pointer -Wpointer-arith -I/usr/local/include/freetype2 -I/usr/local/include -g -O2 -o netconnection.o netconnection.c netconnection.c: In function 'get_tls_option': netconnection.c:478: error: 'SSL_OP_NO_TLSv1_2' undeclared (first use in this function) netconnection.c:478: error: (Each undeclared identifier is reported only once netconnection.c:478: error: for each function it appears in.) netconnection.c:486: error: 'SSL_OP_NO_TLSv1_1' undeclared (first use in this function) netconnection.c: In function 'NETCON_secure_connect': netconnection.c:925: error: 'SSL_OP_NO_TLSv1_1' undeclared (first use in this function) netconnection.c:925: error: 'SSL_OP_NO_TLSv1_2' undeclared (first use in this function) make[1]: *** [netconnection.o] Error 1