On Wed, Jun 04, 2014 at 10:45:59AM +0200, Tomas Mraz wrote:
> SSLv2 is disabled by default, however when you use the ALL cipher list
> which is of course something you should not do but it happened in perl
> LDAP module the SSLv2 ciphers are added to the cipherlist and SSLv2
> client hello is used.
In Postfix, I use the "ALL" cipherlist, but I also pass SSL_OP_NO_SSLv2
to SSL_CTX_set_options(). If you can append exclusions to the cipherlist,
you can use 'ALL:...:!SSLv2'.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
