That's odd, because I used a similar patch on an older openssl version (one that doesn't know TLSv1.1 or TLSv1.2) on which I disabled support on both SSLv2/SSLv3 and I was still able to use SSL clients and servers linked with openssl library I built.
On Fri, Oct 31, 2014 at 11:45 AM, Hubert Kario via RT <[email protected]> wrote: > On Thursday 30 October 2014 23:26:15 Alin Năstac via RT wrote: >> Some SSLv3 parts (e.g. SSLv3 ciphers) > > SSLv3 ciphers can be used with any version of TLS from TLSv1.0 to TLSv1.2 > > if you remove ciphers that are marked as "SSLv3", you actually remove all > ciphers that can be used with TLSv1.0 and TLSv1.1, as such, the only protocol > version that will continue to work is TLSv1.2 > > I'm quite sure that's not the expected behaviour of no-ssl3 flag > -- > Regards, > Hubert Kario > Quality Engineer, QE BaseOS Security team > Web: www.cz.redhat.com > Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
