Re: Query: Disabling SSLv3

2014-11-06 Thread Richard Könning
On 06.11.2014 16:35, Viktor Dukhovni wrote: On Thu, Nov 06, 2014 at 03:31:10PM +0100, Richard Könning wrote: Well, the ClientHello message only allows to advertise the highest protocol version the client speaks, it is expected that the client speaks also all lower versions. The client uses t

Re: Query: Disabling SSLv3

2014-11-06 Thread Viktor Dukhovni
On Thu, Nov 06, 2014 at 03:31:10PM +0100, Richard Könning wrote: > Well, the ClientHello message only allows to advertise the highest protocol > version the client speaks, it is expected that the client speaks also all > lower versions. The client uses the lowest supported version at the *record

Re: Query: Disabling SSLv3

2014-11-06 Thread Richard Könning
On 05.11.2014 17:00, Viktor Dukhovni wrote: On Wed, Nov 05, 2014 at 12:18:05PM +, Philip Bellino wrote: Jeffrey, May I ask why you included "no-ssl2" as an option to "config? Is only adding "no-ssl3" not sufficient enough to fully disable SSLv3? No. If you leave SSLv2 enabled, and disab

Re: Query: Disabling SSLv3

2014-11-05 Thread Viktor Dukhovni
On Wed, Nov 05, 2014 at 12:18:05PM +, Philip Bellino wrote: > Jeffrey, > May I ask why you included "no-ssl2" as an option to "config? > Is only adding "no-ssl3" not sufficient enough to fully disable SSLv3? No. If you leave SSLv2 enabled, and disable SSLv3, then in many cases you always get

RE: Query: Disabling SSLv3

2014-11-05 Thread Philip Bellino
lf Of Jeffrey Walton Sent: Wednesday, November 05, 2014 12:45 AM To: OpenSSL Users List Subject: Re: Query: Disabling SSLv3 > We are upgrading to OpenSSL 0.9.8zc on FreeBSD based OS to mitigate > POODLE risk. > Could you please answer our following query, Definition of a function >

Re: Query: Disabling SSLv3

2014-11-04 Thread Jeffrey Walton
> We are upgrading to OpenSSL 0.9.8zc on FreeBSD based OS to mitigate POODLE > risk. > Could you please answer our following query, > Definition of a function ssl23_get_client_method() in C file > 'openssl-0.9.8zc/ssl/s23_clnt.c' shows, > #ifndef OPENSSL_NO_SSL3 > if (ver == SSL3_VERSION

Query: Disabling SSLv3

2014-11-04 Thread Vaghasiya, Nimesh
Hi, We are upgrading to OpenSSL 0.9.8zc on FreeBSD based OS to mitigate POODLE risk. Could you please answer our following query, Definition of a function ssl23_get_client_method() in C file 'openssl-0.9.8zc/ssl/s23_clnt.c' shows, #ifndef OPENSSL_NO_SSL3 if (ver == SSL3_VERSION)