Hi,
We are upgrading to OpenSSL 0.9.8zc on a FreeBSD-based OS to mitigate the POODLE risk.
Could you please answer the following queries:
1. Will 0.9.8zc allow the following methods to fall back to SSLv3?
SSLv23_method(void),
SSLv23_server_method(void),
SSLv23_client_method(void)
2. The definition of the function ssl23_get_client_method() in the C file
'openssl-0.9.8zc/ssl/s23_clnt.c' shows:
    #ifndef OPENSSL_NO_SSL3
        if (ver == SSL3_VERSION)
            return(SSLv3_client_method());
    #endif
Does this mean 0.9.8zc needs to be built with -DOPENSSL_NO_SSL3 to block
downgrading to SSLv3 in the SSLv23_* functions?
Regards,
Nimesh