On 05.11.2014 17:00, Viktor Dukhovni wrote:
On Wed, Nov 05, 2014 at 12:18:05PM +, Philip Bellino wrote:
Jeffrey,
May I ask why you included no-ssl2 as an option to config?
Is only adding no-ssl3 not sufficient enough to fully disable SSLv3?
No. If you leave SSLv2 enabled, and disable
On Thu, Nov 06, 2014 at 03:31:10PM +0100, Richard Könning wrote:
Well, the ClientHello message only allows advertising the highest protocol
version the client speaks; it is expected that the client also speaks all
lower versions.
The client uses the lowest supported version at the *record
On 06.11.2014 16:35, Viktor Dukhovni wrote:
On Thu, Nov 06, 2014 at 03:31:10PM +0100, Richard Könning wrote:
Well, the ClientHello message only allows advertising the highest protocol
version the client speaks; it is expected that the client also speaks all
lower versions.
The client uses
: Wednesday, November 05, 2014 12:45 AM
To: OpenSSL Users List
Subject: Re: Query: Disabling SSLv3
We are upgrading to OpenSSL 0.9.8zc on a FreeBSD-based OS to mitigate
POODLE risk.
Could you please answer our following query, Definition of a function
ssl23_get_client_method() in C file 'openssl-0.9.8zc
On Wed, Nov 05, 2014 at 12:18:05PM +, Philip Bellino wrote:
Jeffrey,
May I ask why you included no-ssl2 as an option to config?
Is only adding no-ssl3 not sufficient enough to fully disable SSLv3?
No. If you leave SSLv2 enabled, and disable SSLv3, then in many
cases you always get SSLv2!
We are upgrading to OpenSSL 0.9.8zc on a FreeBSD-based OS to mitigate POODLE
risk.
Could you please answer our following query,
Definition of a function ssl23_get_client_method() in C file
'openssl-0.9.8zc/ssl/s23_clnt.c' shows,
#ifndef OPENSSL_NO_SSL3
if (ver == SSL3_VERSION)