Hello! After disabling SSLv3:

    SSLOptions ALL -SSLv3

we noticed that curl itself and libcurl-using programs (such as git) stopped working on some of the (older) systems -- such as RHEL5 -- when invoked against the https URLs pointing at the reconfigured servers.

Invoking curl with the -1 option (a.k.a. --tlsv1) worked, but without the option curl kept failing -- complaining about an SSL protocol error. Unfortunately, there is no way to propagate that option through git to the underlying libcurl...

On newer systems (RHEL6, FreeBSD9), things are fine, but we have a substantial number of those old ones and need a solution...

I was able to find this question:

    http://serverfault.com/questions/637880/disabling-sslv3-but-still-supporting-sslv2hello-in-apache/

and a patch linked to from one of the answers:

    http://pastebin.com/Nvat7xTy

I can confirm that the patch "works" -- curl and git started working after I restarted the rebuilt httpd. And running sslscan against the patched server continues to list the "bad" SSLv3 as disabled.

Could somebody, perhaps, begin reviewing it and/or comment even before it is formally filed with Bugzilla? I searched there, but could not find anything relevant...

Thanks! Yours,

-mi