[openssl-dev] 1.0.1t ?
Suarez, Miguel
Miguel.Suarez at stratus.com
Wed Mar 23 16:00:33 UTC 2016
Hi
Can you tell me when 1.0.1t release or later will be made available with fixes for the following issues (see below).
Disabling SSLv2 in a default build will break applications we have released that depended on SSLv2 by default like release 2.2.29 of Apache's httpd.
We can change our SSL build but would rather have fixes in an official release.
Thanks.
https://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=CHANGES;h=d4e9887370c8733885851625a72301bc90275b2d;hb=refs/heads/OpenSSL_1_0_1-stable#l5
2 OpenSSL CHANGES
3 _______________
4
5 Changes between 1.0.1s and 1.0.1t [xx XXX xxxx]
6
7 *) Remove LOW from the DEFAULT cipher list. This removes singles DES from the
8 default.
9 [Kurt Roeckx]
10
11 *) Only remove the SSLv2 methods with the no-ssl2-method option. When the
12 methods are enabled and ssl2 is disabled the methods return NULL.
13 [Kurt Roeckx]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160323/7918d349/attachment-0001.html>
More information about the openssl-dev
mailing list