On Út, 2014-06-03 at 16:41 +, Viktor Dukhovni wrote:
On Tue, Jun 03, 2014 at 06:01:03PM +0200, Tomas Mraz via RT wrote:
openssl advertises ECC ciphersuites in SSLv2 client hello if ssl23
method is used. This is incorrect because the TLS extensions that
indicate supported curves and
On Wed, Jun 04, 2014 at 10:45:59AM +0200, Tomas Mraz wrote:
SSLv2 is disabled by default, however when you use the ALL cipher list
which is of course something you should not do but it happened in perl
LDAP module the SSLv2 ciphers are added to the cipherlist and SSLv2
client hello is used.
On St, 2014-06-04 at 13:03 +, Viktor Dukhovni wrote:
On Wed, Jun 04, 2014 at 10:45:59AM +0200, Tomas Mraz wrote:
SSLv2 is disabled by default, however when you use the ALL cipher list
which is of course something you should not do but it happened in perl
LDAP module the SSLv2 ciphers
On Tue, Jun 03, 2014 at 06:01:03PM +0200, Tomas Mraz via RT wrote:
openssl advertises ECC ciphersuites in SSLv2 client hello if ssl23
method is used. This is incorrect because the TLS extensions that
indicate supported curves and point formats cannot be sent in SSLv2
client hello. The