> We are upgrading to OpenSSL 0.9.8zc on a FreeBSD-based OS to mitigate POODLE
> risk.
> Could you please answer our following query,
> Definition of a function ssl23_get_client_method() in C file
> 'openssl-0.9.8zc/ssl/s23_clnt.c' shows,
>      #ifndef OPENSSL_NO_SSL3
>       if (ver == SSL3_VERSION)
>            return(SSLv3_client_method());
>      #endif
>
> So does this mean 0.9.8zc needs to be built with -DOPENSSL_NO_SSL3 to block
> downgrading to SSLv3 in SSLv23_* functions?
>
If you want to disable SSLv3 at configure time, then:

    ./config no-ssl2 no-ssl3 ...

The configure option will define OPENSSL_NO_SSL3.

See 
http://wiki.openssl.org/index.php/Compilation_and_Installation#Configure_Options
for more on the options.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
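
Added example, not part of the original thread or the OpenSSL project's code: a shell check that a build configured with `no-ssl2 no-ssl3` really carries the `OPENSSL_NO_SSL2`/`OPENSSL_NO_SSL3` defines. It assumes Configure records them as `# define` lines in the generated `opensslconf.h`; the function names and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that no-ssl2/no-ssl3 reached the generated header.
# Assumption: Configure writes "# define OPENSSL_NO_xxx" into opensslconf.h.

# proto_compiled_out HEADER MACRO
# Returns 0 if HEADER has an active "#define MACRO", 1 if not, 2 if unreadable.
proto_compiled_out() {
    [ -r "$1" ] || return 2
    # Drop single-line /* ... */ comments so a commented-out define is ignored,
    # then match the exact macro name (not a longer name sharing the prefix).
    sed 's@/\*.*\*/@@g' "$1" |
        grep -Eq "^[[:space:]]*#[[:space:]]*define[[:space:]]+$2([[:space:]]|\$)"
}

# report_build HEADER
# Prints one line per protocol; returns 0 only if SSLv2 and SSLv3 are both out.
report_build() {
    rc=0
    for macro in OPENSSL_NO_SSL2 OPENSSL_NO_SSL3; do
        if proto_compiled_out "$1" "$macro"; then
            echo "$macro defined: protocol compiled out"
        else
            echo "$macro NOT defined: protocol still built in"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample headers (not copied from a real build) for an offline run.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/hardened.h" <<'EOF'
#ifndef OPENSSL_NO_SSL2
# define OPENSSL_NO_SSL2
#endif
#ifndef OPENSSL_NO_SSL3
# define OPENSSL_NO_SSL3
#endif
EOF
cat > "$SAMPLE_DIR/default.h" <<'EOF'
#ifndef OPENSSL_NO_GMP
# define OPENSSL_NO_GMP
#endif
/* #define OPENSSL_NO_SSL3 */
EOF
report_build "$SAMPLE_DIR/hardened.h"
report_build "$SAMPLE_DIR/default.h" || echo "default.h: SSLv3 code still present"
```

Against a real tree, pass the path of the `opensslconf.h` produced by your own `./config` run in place of the sample files.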
