On 06/14/2013 03:31 PM, Dr. Stephen Henson wrote:
Note that the patch changes the value of SSL_OP_ALL so if OpenSSL shared libraries are updated to include the patch existing applications wont set it: they'd all need to be recompiled.
That's a valid point.
Possibly alternative is to reuse one of the existing *ancient* flags. Does anyone really care about compatibility with a bug in SSLeay 0.80 for example?
Wouldn't it be better to reverse the meaning of the flag and not set it in SSL_OP_ALL?
-- Florian Weimer / Red Hat Product Security Team ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List email@example.com Automated List Manager majord...@openssl.org