https://github.com/openssl/openssl/pull/395 Closing ticket.
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4038
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
On Wed 2016-06-15 09:51:37 -0400, Salz, Rich wrote:
> I think OpenSSL needs to decide if SSLv2 bugs will be getting fixed.
> Matt and I disagree :)
Isn't the existence of SSLv2 a bug? ;)
--dkg
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
On 15/06/16 16:31, Daniel Kahn Gillmor wrote:
> On Wed 2016-06-15 09:51:37 -0400, Salz, Rich wrote:
>> I think OpenSSL needs to decide if SSLv2 bugs will be getting fixed.
>> Matt and I disagree :)
>
> Isn't the existence of SSLv2 a bug? ;)
Fixed in OpenSSL 1.1.0 :-)
Matt
--
openssl-dev
I think OpenSSL needs to decide if SSLv2 bugs will be getting fixed. Matt and
I disagree :)
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
We are patched locally and don’t really need the patch integrated upstream; I
mostly just wanted to note the issue in the bugtracker in case someone else ran
into it.
-Ben
On 6/15/16, 08:09, "Salz, Rich via RT" wrote:
>So are we still fixing SSLv2 bugs? Or are they too low
We are patched locally and don’t really need the patch integrated upstream; I
mostly just wanted to note the issue in the bugtracker in case someone else ran
into it.
-Ben
On 6/15/16, 08:09, "Salz, Rich via RT" wrote:
>So are we still fixing SSLv2 bugs? Or are they too low
On 15/06/16 13:09, Salz, Rich via RT wrote:
> So are we still fixing SSLv2 bugs? Or are they too low on the priority list?
They're certainly low priority, but we are still fixing them.
Matt
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
So are we still fixing SSLv2 bugs? Or are they too low on the priority list?
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4038
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe:
On Tue Jun 14 20:42:36 2016, rsalz wrote:
> SSLv2 is not supported any more.
Uyes it is on the 1.0.2 branch? It is off by default though.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4038
Please log in as guest with password guest if prompted
--
openssl-dev
SSLv2 is not supported any more.
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4038
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
SSLv2 support has been removed from master, but is still present in 1.0.2.
Adding a range check in ssl_get_prev_session() broke the SSLv2 codepath
because it supplied NULL as the 'limit' parameter that had not
previously been used for SSLv2 (or v3), so the fix is just to supply a
non-NULL limit.
11 matches
Mail list logo