How does mod_auth_openidc make a connection to the OP? #538
-
Our mod_auth_openidc RP is connecting to our OP using TLSv1.0. I would like it to use TLSv1.2. The versions of OpenSSL and NSS on my system support TLSv1.2, however my system installation of curl does not. System Information:CentOS 6.6 The system acts a relying party to an Auth0 instance as a provider. QuestionsI am wondering how I can make mod_auth_openidc connect with TLSv1.2 instead but I am a bit unsure of how to make that happen. I figure if I know it uses libcurl, I can update that to resolve the issue, but it would be good to know how it is working before I do that. How does mod_auth_openidc make a connection to the OP? Is there a suggested way for me to achieve this with the version of mod_auth_openidc I am running? Thanks in advance for any help. |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments
-
the module uses libcurl indeed but there's no way to force the TLS version as it is right now; that could be a feature request; however I believe libcurl should be able to negotiate the TLS version and would try with the highest version supported |
Beta Was this translation helpful? Give feedback.
-
see 4958b8b slated for 2.4.13 |
Beta Was this translation helpful? Give feedback.
the module uses libcurl indeed but there's no way to force the TLS version as it is right now; that could be a feature request; however I believe libcurl should be able to negotiate the TLS version and would try with the highest version supported