Closed chris-allan closed 11 months ago
chris-allan
commented
12 months ago Follow on from the cleanup started in #336. Should allow Python clients to connect to servers that require TLS 1.3 and not affect any existing clients that want to use TLS 1.2 or below.
imagesc-bot
commented
11 months ago This pull request has been mentioned on Image.sc Forum. There might be relevant details there:
https://forum.image.sc/t/omero-login-ssl-error-dh-key/79574/17
This setting made sense when we were still supporting SSLv3 but that has been disabled by default since Ice 3.6:
Consequently, it's better to leave this setting as the default and let the server dictate what it expects since we do not have a complete overlap in TLS version support on the platforms we support (CentOS 7 does not support TLS 1.3). This setting currently forbids clients from negotiating TLS 1.3 where it is available. Ice will use sane defaults on these platforms.