On 2005-10-12, at 12:10 :19, Peter Jeremy wrote:
On Tue, 2005-Oct-11 09:45:53 -0700, Jacques Vidrine wrote:
On Oct 11, 2005, at 7:25 AM, Ian G wrote:
Isn't the workaround obviously to switch off V2?
Yes. Sorry that wasn't mentioned.
That sounds like a good workaround. How do I implement it? I've
looked through the documentation and can't find any reference to a
runtime OpenSSL configuration file that would let me do this.
I'm not aware of a global option for OpenSSL, either. Disabling
SSLv2 would need to be handled by the application, i.e. turn off
SSLv2 for each of your SSL/TLS applications. Cheers,
--
Jacques Vidrine <[EMAIL PROTECTED]>
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
