As I understand it, the issue isn’t actually about SSLv2 itself. It’s that clients that support SSLv2 use an old handshake format. In that handshake, they can advertise support for SSLv3 and maybe even TLS 1. So if crypto/tls added support for the handshake but not the rest of SSLv2, they could successfully negotiate an SSLv3 connection.
Of course, now that SSLv3 is deprecated, it’s not very likely that support for these old handshakes will be added. Andy > On Sep 18, 2019, at 1:41 AM, Anthony Martin <al...@pbrane.org> wrote: > > Prabhash Rathore <prabhashrath...@gmail.com> once said: >> Looking at comment, it seems Golang does not support SSLv2 and SSLV3. > > The crypto/tls package can support SSLv3 if you set tls.Config.MinVersion > to tls.VersionSSL30, but only as a server. > >> I am reaching out to see if there is anyway possible to add support for >> older SSL versions or if there are any workarounds. In SMTP world, there >> are lots of clients who still use old SSL builds and we would like to be >> able to support them on our MTA servers. > > I think it's unlikely that SSLv2 will be supported. There is a very > old discussion about this at https://github.com/golang/go/issues/3930 > that you might want to check out. > > Cheers, > Anthony > > -- > You received this message because you are subscribed to the Google Groups > "golang-nuts" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to golang-nuts+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/golang-nuts/20190918084123.GA4577%40alice. -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/489171A3-403D-43C6-B28C-5B29E1BEB61B%40gmail.com.
