[Pkg-openssl-devel] Bug#765565: openssl: don't completely disable ssl3/2 but rather just don't use it

Christoph Anton Mitterer calestyo at scientia.net
Thu Oct 16 11:44:35 UTC 2014


Maybe one could simply build a second version of the library with a
different name (libssl-insecure or whatever) which have the old stuff
enabled.
Those binaries for which it's safe / sane to have insecure algos still
supported could be build against that.

Thereby the real libssl could be kept free of any legacy code, avoiding
that programs can accidentally use it.


Cheers,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5313 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/attachments/20141016/be0c9146/attachment-0001.bin>


More information about the Pkg-openssl-devel mailing list