Kees Cook wrote: > If we consider such things to be a corner-cases, I would say that > disabling SSLv2 in openssl makes sense -- we should provide a safe set > of crypto function by default.
While I fully agree about this on the principle, I would disagree if the method was to disable this at compile time in OpenSSL. I would consider a conf file modification acceptable for the corner cases, not a recompile. I am not sure which method was suggested by Ante to do the change, though. Nick
signature.asc
Description: OpenPGP digital signature
-- ubuntu-server mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
