On Thu, Oct 30, 2014 at 11:26:15PM +0100, Alin Nastac via RT wrote:
> Some SSLv3 parts (e.g. SSLv3 ciphers) are built in even if ssl3
> support is disabled.

"SSLv3 ciphers" are not specific to SSLv3, they can also be used in TLS.

no-ssl3 doesn't disable the SSL3 methods. That is, you can still call SSLv3_client_method() and set up an SSLv3 connection with that. It assumes that if you say that you want an SSLv3 connection that that is really what you want.

There is work being done to have an option to also disable that, that looks very similar to your patch but then with a new configure option.

Kurt

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List
