Closed chris-allan closed 11 months ago
Follow on from the cleanup started in #336. Should allow Python clients to connect to servers that require TLS 1.3 and not affect any existing clients that want to use TLS 1.2 or below.
This pull request has been mentioned on Image.sc Forum. There might be relevant details there:
https://forum.image.sc/t/omero-login-ssl-error-dh-key/79574/17
This setting made sense when we were still supporting SSLv3 but that has been disabled by default since Ice 3.6:
Consequently, it's better to leave this setting as the default and let the server dictate what it expects since we do not have a complete overlap in TLS version support on the platforms we support (CentOS 7 does not support TLS 1.3). This setting currently forbids clients from negotiating TLS 1.3 where it is available. Ice will use sane defaults on these platforms.