Hi,

Please create a pull request for the necessary changes; ACE is hosted
upstream at https://github.com/DOCGroup/ATCD/.

Best regards,

Johnny Willemsen
Remedy IT

On 11/07/2015 01:12 PM, Kurt Roeckx wrote:
> Source: ace
> Version: 6.3.2+dfsg-1
> Severity: serious
> Control: block 797926 by -1
> 
> Ace has various code that can use functions like
> SSLv3_client_method().  For SSL2 you currently already do
> use OPENSSL_NO_SSL2.  Please also use OPENSSL_NO_SSL3 to remove
> support for the SSLv3 methods.
> 
> It seems that by default you use SSLv3_method().  Please use
> SSLv23_method() by default.  Only the SSLv23_* methods support
> multiple versions of the protocol, while things like SSLv3_* will
> only support that specific protocol version.
> 
> In the long run, we're going to remove all the version specific
> methods so only the current SSLv23_* methods will keep existing.
> (It has been renamed to TLS_* in the master branch.)  So I
> recommend that you get rid of all the other version specific
> functions.
> 
> It seems you already have support for limiting the versions of
> SSLv23_* by using things like SSL_OP_NO_SSLv3.
> 
> 
> Kurt
> 
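
A check a packager could run for the first request in the report, as an added example (not code from ACE or from either message): it lists `SSLv3_*method()` calls that would still be compiled when `OPENSSL_NO_SSL3` is defined. The sample source and its `MODE_*` names are constructed for illustration, and the preprocessor tracking is line-based and deliberately conservative.

```python
import re

GUARD = "OPENSSL_NO_SSL3"
SSLV3_CALL = re.compile(r"\bSSLv3_(?:client_|server_)?method\s*\(")
DIRECTIVE = re.compile(r"^\s*#\s*(ifndef|ifdef|if|elif|else|endif)\b(.*)$")
NOT_DEFINED = re.compile(r"!\s*defined\s*\(?\s*" + GUARD + r"\b")

def opening_state(kind, rest):
    """Return (guarded_now, guarded_after_else) for #if/#ifdef/#ifndef."""
    first = rest.split()[:1]
    if kind == "ifndef":
        return (first == [GUARD], False)
    if kind == "ifdef":
        return (False, first == [GUARD])
    # #if: only "!defined(GUARD)" without "||" reliably excludes the branch
    return (bool(NOT_DEFINED.search(rest)) and "||" not in rest, False)

def unguarded_sslv3_calls(source):
    """List (line_number, text) of SSLv3_*method() calls still built with GUARD defined."""
    stack, findings = [], []
    for number, line in enumerate(source.splitlines(), start=1):
        m = DIRECTIVE.match(line)
        if not m:
            if SSLV3_CALL.search(line) and not any(now for now, _ in stack):
                findings.append((number, line.strip()))
            continue
        kind, rest = m.groups()
        if kind in ("ifndef", "ifdef", "if"):
            stack.append(opening_state(kind, rest))
        elif kind in ("else", "elif") and stack:  # #elif: conservatively unguarded
            stack[-1] = (stack[-1][1] if kind == "else" else False, False)
        elif kind == "endif" and stack:
            stack.pop()
    return findings

# Constructed sample (not ACE source): SSLv2 is guarded, one SSLv3 call is not.
SAMPLE = """\
#ifndef OPENSSL_NO_SSL2
    case MODE_SSL2_CLIENT: method = ::SSLv2_client_method (); break;
#endif /* OPENSSL_NO_SSL2 */
    case MODE_SSL3_CLIENT: method = ::SSLv3_client_method (); break;
#ifndef OPENSSL_NO_SSL3
    case MODE_SSL3_SERVER: method = ::SSLv3_server_method (); break;
#endif
    default: method = ::SSLv23_method ();
"""

if __name__ == "__main__":
    print(unguarded_sslv3_calls(SAMPLE))
```

Only the unguarded client call on line 4 of the sample is reported; the `SSLv23_method()` default is not matched.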
