[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: matrixssl

Christopher Samuel <samuel@unimelb.edu.au> writes:

> I found that error reported in an unrelated bug report, the solution
> seems to be:
> https://bugs.contribs.org/show_bug.cgi?id=7664#c4

Thanks for this. Finally got it working...

...BUT matrixssl is SSLv3 only. openssl in sid - which seems to be
required for the exploit patch - doesn't support SSLv3. So it errors out
instead of connecting.

openssl from wheezy doesn't work either, unless you pass the -ssl3
parameter to "openssl s_client".

Wonder if it is actually worth fixing a security bug in a library that
only supports an known insecure protocol.

Ok, managed to rebuild the Debian package with ssl3 support enabled. It
appears to work. Will try the exploit. Still leaves me wondering if it
is actually worth fixing security issues in matrixssl.
Brian May <bam@debian.org>

Reply to: