[Pkg-openssl-devel] Bug#765565: Bug#765565: openssl: don't completely disable ssl3/2 but rather just don't use it
Kurt Roeckx
kurt at roeckx.be
Thu Oct 16 16:19:22 UTC 2014
On Thu, Oct 16, 2014 at 11:47:32AM +0200, Christoph Anton Mitterer wrote:
> Package: openssl
> Version: 1.0.1j-1
> Severity: wishlist
>
>
> Hi.
>
> It seems that SSLv3 (and also v2) are disabled now, which is
> first of all of course great for security reasons.
>
> But AFAICS, it's completely gone, i.e. one cannot even intentionally
> enable it.
> I mainly have s_client in my mind in order to allow testing.
>
> Is it somehow possible to still compile it but just don't use it
> anywhere per default? Or even better disallow it's use anywhere
> but e.g. from s_client?
That seems to be complicated to do, so I think it's unlikely that
this is going to happen.
Kurt
More information about the Pkg-openssl-devel
mailing list