Christopher Samuel <sam...@unimelb.edu.au> writes: > I found that error reported in an unrelated bug report, the solution > seems to be: > > https://bugs.contribs.org/show_bug.cgi?id=7664#c4
Thanks for this. Finally got it working... ...BUT matrixssl is SSLv3 only. openssl in sid - which seems to be required for the exploit patch - doesn't support SSLv3. So it errors out instead of connecting. openssl from wheezy doesn't work either, unless you pass the -ssl3 parameter to "openssl s_client". Wonder if it is actually worth fixing a security bug in a library that only supports an known insecure protocol. Ok, managed to rebuild the Debian package with ssl3 support enabled. It appears to work. Will try the exploit. Still leaves me wondering if it is actually worth fixing security issues in matrixssl. -- Brian May <b...@debian.org>
