----- Original message ----- > The diff below from sthen@ disables the SSLv2 support within the > OpenSSL stack. > > All the browsers and almost all web servers / proxies and other apps > do or have added their own bits of code over the years to explicitly > disable the SSLv2 support and anything using SSL should be disabling > SSLv2 anyway. It has been deprecated since 1996. With all of its > security issues I think it would be best to disable the SSLv2 support > all together within OpenSSL. > > This has been through ports bulks and a handful of ports were fixed > due to the SSLv2 API removal. The ports tree is Ok now. > > Comments? OK?
djm@ replied to my direct e-mail to him from a few days ago and said he had no objection to this going in. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
