Hi, Please create a pull request for the necessary changes, ACE is hosted upstream at https://github.com/DOCGroup/ATCD/.
Best regards, Johnny Willemsen Remedy IT On 11/07/2015 01:12 PM, Kurt Roeckx wrote: > Source: ace > Version: 6.3.2+dfsg-1 > Severity: serious > Control: block 797926 by -1 > > Ace has various code that can use functions like > SSLv3_client_method(). For SSL2 you currently already do > use OPENSSL_NO_SSL2. Please also use OPENSSL_NO_SSL3 to remove > support for the SSLv3 methods. > > It seems that by default you use SSLv3_method(). Please use > SSLv23_method() by default. Only the SSLv23_* methods support > multiple version of the protocol, while things like SSLv3_* will > only support that specific protocol version. > > In the long run, we're going to remove all the version specific > methods so only the current SSLv23_* methods will keep existing. > (It has been renamed to TLS_* in the master branch.) So I > recommend that you get rid of all the other version specific > functions. > > It seems you already have support for limiting the versions of > SSLv23_* by using things like SSL_OP_NO_SSLv3. > > > Kurt > > _______________________________________________ > Pkg-ace-devel mailing list > pkg-ace-de...@lists.alioth.debian.org > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-ace-devel >
