Hi Ralf and Kalle, @Ralf: Thanks for raising this issue!
@Kalle: Thanks for the detailed analysis! Kalle wrote: > If you want to prevent Kannel from using SSLv2 and SSLv3, I guess > Kannel could be changed to call SSL_CTX_set_options or SSL_set_options > with SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 options. It would perhaps be > easiest to do that to global_ssl_context and global_server_ssl_context > so that the options apply to all SSL objects. Is there any scenario > in which one would want to support SSLv3 on some connections but not > on all? Assuming your analysis is correct, it seems to me that best way forward would be to suggest upstream to have a configuration option to pass flags to OpenSSL. Would either of you do that? Regards, - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature

