[sr-dev] [kamailio/kamailio] [tls] Don't use OpenSSL<1.0.2 fallback on 1.1+ (#2717)

Address GH #2716. Also see https://bugs.python.org/issue29697. &lt;!-- Kamailio Pull Request Template --&gt; &lt;!-- IMPORTANT: - for detailed contributing guidelines, read: https://github.com/kamailio/kamailio/blob/master/.github/CONTRIBUTING.md - pull requests must be done to master branch, unless they are backports of fixes from master branch to a stable branch - backports to stable branches must be done with &#39;git cherry-pick -x ...&#39; - code is contributed under BSD for core and main components (tm, sl, auth, tls) - code is contributed GPLv2 or a compatible license for the other components - GPL code is contributed with OpenSSL licensing exception --&gt; #### Pre-Submission Checklist &lt;!-- Go over all points below, and after creating the PR, tick all the checkboxes that apply --&gt; &lt;!-- All points should be verified, otherwise, read the CONTRIBUTING guidelines from above--&gt; &lt;!-- If you&#39;re unsure about any of these, don&#39;t hesitate to ask on sr-dev mailing list --&gt; - [X ] Commit message has the format required by CONTRIBUTING guide - [X] Commits are split per component (core, individual modules, libs, utils, ...) - [X ] Each component has a single commit (if not, squash them into one commit) - [ ] No commits to README files for modules (changes must be done to docbook files in `doc/` subfolder, the README file is autogenerated) #### Type Of Change - [X] Small bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds new functionality) - [ ] Breaking change (fix or feature that would change existing functionality) #### Checklist: &lt;!-- Go over all points below, and after creating the PR, tick the checkboxes that apply --&gt; - [X] PR should be backported to stable branches - [X ] Tested changes locally - [ ] Related to issue #2716 #### Description For OpenSSL 1.1.x initialization of EC SSL contexts has changed — we should be using the &lt; 1.0.2 technique on OpenSSL 1.1+. This addresses a corner case where TLS server with P-256 cert would not handshake with a TLS client presenting a P-521 cert. You can view, comment on, or merge this pull request online at: https://github.com/kamailio/kamailio/pull/2717 -- Commit Summary -- * [tls] Don&#39;t use OpenSSL&lt;1.0.2 fallback on 1.1+ -- File Changes -- M src/modules/tls/tls_domain.c (12) -- Patch Links -- https://github.com/kamailio/kamailio/pull/2717.patch https://github.com/kamailio/kamailio/pull/2717.diff -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/2717