> We are upgrading to OpenSSL 0.9.8zc on FreeBSD based OS to mitigate POODLE
> risk.
> Could you please answer our following query,
> Definition of a function ssl23_get_client_method() in C file
> 'openssl-0.9.8zc/ssl/s23_clnt.c' shows,
> #ifndef OPENSSL_NO_SSL3
>         if (ver == SSL3_VERSION)
>                 return(SSLv3_client_method());
> #endif
>
> So does this mean, 0.9.8zc needs to be built with -DOPENSSL_NO_SSL3 to block
> downgrading to SSLv3 in SSLv23_* functions?
>

If you want to disable SSLv3 at configure time, then:

    ./config no-ssl2 no-ssl3 ...

The configure option will define OPENSSL_NO_SSL3. See
http://wiki.openssl.org/index.php/Compilation_and_Installation#Configure_Options
for more on the options.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
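
Added example (not part of the original message and not OpenSSL project code): a shell check that a generated opensslconf.h really carries the macros that "./config no-ssl2 no-ssl3" is said to define. It assumes the macros appear as "# define OPENSSL_NO_SSL3" lines; the function names, the sample headers and the OPENSSL_NO_SSL3_EXAMPLE near-miss are constructed for illustration.

```shell
#!/bin/sh
# has_define HEADER MACRO -> exit 0 if HEADER has an active "#define MACRO".
# Accepts spaces after '#'. A define inside a same-line /* ... */ comment,
# or a longer macro name sharing the prefix, does not match.
has_define() {
    grep -Eq "^[[:space:]]*#[[:space:]]*define[[:space:]]+$2([[:space:]]|\$)" "$1"
}

# audit_header HEADER -> one status line per protocol; exit 1 if either
# SSLv2 or SSLv3 is still compiled in.
audit_header() {
    rc=0
    for proto in SSL2 SSL3; do
        if has_define "$1" "OPENSSL_NO_$proto"; then
            echo "$proto: disabled (OPENSSL_NO_$proto defined)"
        else
            echo "$proto: ENABLED (OPENSSL_NO_$proto missing)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample headers (assumed layout, not real Configure output).
make_samples() {
    SAMPLE_DIR=$(mktemp -d)
    cat > "$SAMPLE_DIR/hardened.h" <<'EOF'
#ifndef OPENSSL_NO_SSL2
# define OPENSSL_NO_SSL2
#endif
#ifndef OPENSSL_NO_SSL3
# define OPENSSL_NO_SSL3
#endif
EOF
    cat > "$SAMPLE_DIR/default.h" <<'EOF'
#ifndef OPENSSL_NO_SSL2
# define OPENSSL_NO_SSL2
#endif
/* # define OPENSSL_NO_SSL3 */
# define OPENSSL_NO_SSL3_EXAMPLE
EOF
}

make_samples
audit_header "$SAMPLE_DIR/hardened.h"
audit_header "$SAMPLE_DIR/default.h" || echo "default.h: rebuild with no-ssl3"
```

Point audit_header at the opensslconf.h of the tree you actually built and fail the build when it returns non-zero.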