sslv2 and openssl 1.0
Hi,
openssl 1.0.0-d is in unstable and by default disables
sslv2 methods, so what's the correct decision to make, regarding
packages that use ssl as client or server :
1) patch package to disable code that use sslv2, and explain
why in README.Debian.
People might complain about old sslv2 clients in case the
packaged software is a server (telepathy-*, web servers)
2) continue using sslv2 until upstream drops it
(using some unknown flag to enable it at build time)
In the case that concerns me, it's easy to do 1), but i believe
it's up to the users to choose, so i'd rather do 2).
However, i know how to disable it with -DOPENSSL_NO_SSL2,
but not how to enable it.
Jérémy Lal
Reply to: