Bug#803975: libcrypt-ssleay-perl: Uses SSLv3_client_method()
gregor herrmann
gregoa at debian.org
Sat Nov 7 00:08:38 UTC 2015
On Fri, 06 Nov 2015 22:07:25 +0100, Kurt Roeckx wrote:
> On Fri, Nov 06, 2015 at 09:22:04PM +0200, Niko Tyni wrote:
> > As discussed on IRC, it looks to me like there's no code support for
> > HTTPS_VERSION in 0.73_04 anymore. It seems to be just a leftover in
> > the docs.
> >
> > The upstream code in 0.73_04 now uses SSLv23_client_method() with
> > SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3
> > by default, and with
> > SSL_OP_ALL | SSL_OP_NO_SSLv2
> > if the (currently undocumented) environment variable
> > CRYPT_SSLEAY_ALLOW_SSLv3 is set.
> >
> > This seems to be pretty much we want, so I think uploading 0.73_04 is
> > the way to fix this bug. The docs could be improved a bit of course.
>
> Yes, that looks good to me.
Thanks everybody; uploaded.
Cheers,
gregor
PS: Bug filed about the doc inconsistencies:
https://rt.cpan.org/Ticket/Display.html?id=108520
--
.''`. Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
: :' : Debian GNU/Linux user, admin, and developer - https://www.debian.org/
`. `' Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
`- NP: Janis Joplin: Maybe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: Digital Signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20151107/4328f560/attachment.sig>
More information about the pkg-perl-maintainers
mailing list