)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"change_message_id":"4b7b3678b18ef66375adbe52820e132d5f18a4e2","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"dbd084b0_5c178322","updated":"2025-09-08 18:17:05.000000000","message":"Also\n\n20:01 \u003c m-a\u003e cron2: new ssl_testdriver passes at SECLEVEL\u003d3 and SECLEVEL\u003d4, but \n             still barfs at SECLEVEL\u003d5.","commit_id":"ef08e36ba8e564832adfcfe2d33095aabeef9726"},{"author":{"_account_id":1000046,"name":"mandree","email":"matthias.andree@gmx.de","username":"mandree"},"change_message_id":"47c1ef9a4e5497dd1e03c42fd32d65fb5979c9e1","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"ad8fb9f5_53aeba27","updated":"2025-09-08 18:15:43.000000000","message":"On my FreeBSD 14.3-RELEASE-p2 amd64, with OpenSSL 3.5 installed from ports,\nthe self-test suite, in particular ssl_testdriver, now passes with openssl.cnf\nraising the ciphersuite to SECLEVEL\u003d3 or SECLEVEL\u003d4, but SECLEVEL\u003d5 still bombs out\nwith \"ee key too small\". So: ACK because it\u0027s an improvement.\n\nNot sure if the purpose of the test is \"test that our own TLS stuff works\",\nor by contrast \"test that the system\u0027s default OpenSSL setting works\".\n  In the former case, it might be suitable to ship an openssl.cnf for the test\nthat gets us a defined environment, or maybe run the test twice once with system\ndefault settings and once with an override to see if _todays_ zealous SECLEVEL is it.\n\nOf course the operating system or OpenSSL distro might kill our favorite cipher altogether, in which case we\u0027re dead unless we override - but then the isolated\ntest case bears no relevance for practical applicability of its results.","commit_id":"ef08e36ba8e564832adfcfe2d33095aabeef9726"}]}