[Pkg-openssl-devel] Bug#766297: Bug#766297: openssl s_client no longer recognizes -ssl3 option

Vincent Lefevre vincent at vinc17.net
Wed Oct 22 08:19:44 UTC 2014


On 2014-10-22 09:15:56 +0200, Kurt Roeckx wrote:
> On Tue, Oct 21, 2014 at 06:33:50PM -0700, Nikolaus Rath wrote:
> > After my last testing upgrade, openssl s_client has trouble accepting
> > the -ssl3 and -ssl2 options. This prevents e.g. Gnus from using SSL
> > to connect to mailservers.
> 
> It shouldn't be using the -ssl3 option.  The -ssl2 option has been
> gone for a while.  But SSL v3.0 is also insecure and you should
> stop using it.

I agree that one should stop using SSL v3.0 for normal use, but the
-ssl3 option would still be useful for testing servers, as in the
example given here:

https://linode.com/docs/security/security-patches/disabling-sslv3-for-poodle

(which is no longer possible due to this bug).

> I also think that it shouldn't be using s_client for anything.
> s_client is a debug tool, and will not do what you expect.

Yes, a debug tool (or test tool), and that's why the -ssl3 option
is useful in this particular case.

-- 
Vincent Lefèvre <vincent at vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)



More information about the Pkg-openssl-devel mailing list