[Pkg-openssl-devel] Bug#765565: Bug#765565: Bug#765565: openssl: don't completely disable ssl3/2 but rather just don't use it

Kurt Roeckx kurt at roeckx.be
Sat Oct 18 12:28:10 UTC 2014


On Sat, Oct 18, 2014 at 01:06:29PM +0100, rbsec wrote:
> Kurt,
> 
> Just realised that I'd replied to you off-list - my bad.
> 
> I'm not really sure where this should be logged as a separate bug (or a
> security issue?) - I'll leave that up to you guys.

So my current understanding is that sslscan uses
SSLv3_client_method(), and that that is probably the only way to
still set up an SSL 3.0 connection.

I don't plan to bring back SSL 3.0 support, just assume that it's
going to go away.

sslscan also doesn't seem to support TLS 1.1 or higher for some
reason?


Kurt


