[Pkg-openssl-devel] Fwd: Bug#828422: links2: FTBFS with openssl 1.1.0
Kurt Roeckx
kurt at roeckx.be
Tue Jun 28 07:59:31 UTC 2016
On Tue, Jun 28, 2016 at 02:16:38AM +0200, Axel Beckert wrote:
> > OpenSSL 1.0.2h in Debian Sid is compiled with SSLv2_client_method enabled
> > and SSLv3_client_method disabled. Is it a configuration error? Why would
> > anyone want to enable SSL2 and disable SSL3? I suppose that the older
> > protocols should be disabled and newer protocols enabled.
>
> No idea, Cc'ing Debian's OpenSSL team. They probably can tell.
It got enabled by accident again. It used to be disabled (using
no-ssl2), but then upstream we decided to disable SSLv2 by default
and this broke lots of other distributions that didn't expect
those symbols to go away. So instead we split no-ssl2 in 2 parts
no-ssl2 and no-ssl2-method (like in the case of ssl3), and have the
SSLv2 methods return NUL by default instead. But then in the next
uploads (both stable and unstable) I actually forgot to add
no-ssl2-method to the config call so those methods exist again,
peopl call it again, and I can't remove them without an other
soname change.
Kurt
More information about the Pkg-openssl-devel
mailing list