Re: sslv2 and openssl 1.0

2011-04-04 Thread Simon Josefsson
If there are any packages that use SSLv2 by default you might want to file a security bug to get them fixed. I believe SSLv2 is really that bad, it just gives a false sense of security.
/Simon

Re: sslv2 and openssl 1.0

2011-04-03 Thread Salvo Tomaselli
> For the record, the various Telepathy daemons typically act as SSL clients
> (where their various protocols support SSL at all), rather than SSL
> servers; for instance, telepathy-gabble not supporting SSLv2 would only be
> a problem if connecting to a SSLv2-only XMPP server.
Well since ssl2 is n

Re: sslv2 and openssl 1.0

2011-04-03 Thread Kurt Roeckx
On Sun, Apr 03, 2011 at 02:52:17AM +0200, Jérémy Lal wrote:
> Hi,
>
> openssl 1.0.0-d is in unstable and by default disables
> sslv2 methods, so what's the correct decision to make, regarding
> packages that use ssl as client or server :
>
> 1) patch package to disable code that uses sslv2, and ex

Re: sslv2 and openssl 1.0

2011-04-03 Thread Simon McVittie
On Sun, 03 Apr 2011 at 02:52:17 +0200, Jérémy Lal wrote:
> People might complain about old sslv2 clients in case the
> packaged software is a server (telepathy-*, web servers)
For the record, the various Telepathy daemons typically act as SSL clients (where their various protocols support SS

Re: sslv2 and openssl 1.0

2011-04-02 Thread Scott Kitterman
On Saturday, April 02, 2011 08:52:17 PM Jérémy Lal wrote:
> Hi,
>
> openssl 1.0.0-d is in unstable and by default disables
> sslv2 methods, so what's the correct decision to make, regarding
> packages that use ssl as client or server :
>
> 1) patch package to disable code that uses sslv2, and expl

sslv2 and openssl 1.0

2011-04-02 Thread Jérémy Lal
Hi,
openssl 1.0.0-d is in unstable and by default disables sslv2 methods, so what's the correct decision to make, regarding packages that use ssl as client or server :
1) patch package to disable code that uses sslv2, and explain why in README.Debian. People might complain about old sslv2 cl