Hi Can you tell me when 1.0.1t release or later will be made available with fixes for the following issues (see below). Disabling SSLv2 in a default build will break applications we have released that depended on SSLv2 by default like release 2.2.29 of Apache's httpd. We can change our SSL build but would rather have fixes in an official release.
Thanks. https://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=CHANGES;h=d4e9887370c8733885851625a72301bc90275b2d;hb=refs/heads/OpenSSL_1_0_1-stable#l5 2 OpenSSL CHANGES 3 _______________ 4 5 Changes between 1.0.1s and 1.0.1t [xx XXX xxxx] 6 7 *) Remove LOW from the DEFAULT cipher list. This removes singles DES from the 8 default. 9 [Kurt Roeckx] 10 11 *) Only remove the SSLv2 methods with the no-ssl2-method option. When the 12 methods are enabled and ssl2 is disabled the methods return NULL. 13 [Kurt Roeckx]
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
