Bug#767663: openssl: completly drop SSLv3 support in jessie
Package: release.debian.org
Severity: normal
Hi,
SSLv3 has been disabled in jessie already, at least for normal
usage. But there is a way to explictly create a socket that only
support SSLv3 and I would like to disable that too.
This is done by the functions SSLv3_method(),
SSLv3_server_method() and SSLv3_client_method(). There are 2
methods of actually doing this:
- Make the function return NULL. This will then result in a
failure later.
- Remove the functions making things fail at for instance link
time.
I do not want to support SSLv3 in jessie.
Kurt
Reply to: