On 08/14/2010 09:11 PM, Stefan de Konink wrote:

Dear Steve,

On 15-08-10 01:52, Dr. Stephen Henson wrote:
OpenSSL 1.0.0 doesn't include any SSLv2 ciphersuites by default and new logic
means it doesn't send out an SSLv2 compatible client hello if it will never
use SSLv2. That effectively disables SSLv2 by default. Try a cipher
string that explicitly enables some SSLv2 ciphers.

Could you elaborate why this did work out of the box in 0.9.8 and breaks
with 1.0.0? Basically I found out that this site only seems to accept
SSLv2. Of course I can specify what protocol to use manually (I
actually hacked the httplib in Python for it already), but from a
usability point of view: why did this break?

Is it possible to configure to use SSLv2 anyway?


Stefan



Stefan,

SSLv2 should no longer be used. It's old, weak and it has been deprecated. Anyone still using it needs a swift kick in the rear (Much like anyone using Windows ME and below). It's like guarding a million dollars with only a chain lock.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
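
The "SSLv2 compatible client hello" discussed in this thread can be told apart from an SSLv3/TLS hello by its first bytes, which is useful when checking captures for clients that still offer SSLv2. The following is an added example, not code from the thread or from OpenSSL; the function names and the sample hellos are constructed for illustration, and the byte layouts assumed are the SSLv2 two-byte record header and the TLS record layer.

```python
import struct

def classify_client_hello(data: bytes):
    """Return (record_format, client_version, sslv2_cipher_specs)."""
    # SSLv3/TLS record: type 0x16 (handshake), major version 3, handshake type 1.
    if len(data) >= 11 and data[0] == 0x16 and data[1] == 3 and data[5] == 1:
        return ("tls-record", (data[9], data[10]), [])
    # SSLv2 record: 2-byte header with the high bit set, then msg type 1.
    if len(data) >= 11 and data[0] & 0x80 and data[2] == 1:
        version = (data[3], data[4])
        cs_len, _sid_len, _ch_len = struct.unpack(">HHH", data[5:11])
        specs = data[11:11 + cs_len]
        if cs_len % 3 or len(specs) != cs_len:
            raise ValueError("malformed or truncated cipher spec list")
        # Each spec is 3 bytes: a leading 0x00 wraps an SSLv3/TLS suite,
        # any other leading byte is a native SSLv2 cipher kind.
        v2 = [specs[i:i + 3].hex() for i in range(0, cs_len, 3) if specs[i]]
        return ("sslv2-record", version, v2)
    return ("unknown", None, [])

def offers_sslv2_ciphers(data: bytes) -> bool:
    """True only for a v2-format hello that lists at least one SSLv2 cipher."""
    fmt, _version, v2_specs = classify_client_hello(data)
    return fmt == "sslv2-record" and bool(v2_specs)

def _v2_hello(version, specs):
    # Constructed v2-format hello: no session id, 16-byte all-zero challenge.
    body = b"\x01" + bytes(version) + struct.pack(">HHH", len(specs), 0, 16)
    body += specs + bytes(16)
    return struct.pack(">H", 0x8000 | len(body)) + body

def _tls_hello(version):
    # Constructed TLS-format hello: zero random, one suite, null compression.
    body = bytes(version) + bytes(32) + b"\x00" + b"\x00\x02\x00\x05" + b"\x01\x00"
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs

# Constructed samples (not captured traffic).
SSL2_ONLY = _v2_hello((0, 2), bytes.fromhex("0100800700c0"))
V2_COMPAT_MIXED = _v2_hello((3, 1), bytes.fromhex("000005010080"))
V2_COMPAT_NO_V2 = _v2_hello((3, 1), bytes.fromhex("000005"))
TLS_ONLY = _tls_hello((3, 1))

if __name__ == "__main__":
    for name in ("SSL2_ONLY", "V2_COMPAT_MIXED", "V2_COMPAT_NO_V2", "TLS_ONLY"):
        print(name, classify_client_hello(globals()[name]))
```

A hello classified as `tls-record` is the format a client sends when, as described above, it will never use SSLv2.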