Bug#767663: marked as done (openssl: completly drop SSLv3 support in jessie)

To: Julien Cristau <jcristau@debian.org>
Subject: Bug#767663: marked as done (openssl: completly drop SSLv3 support in jessie)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Sat, 08 Nov 2014 15:39:30 +0000
Message-id: <[🔎] handler.767663.D767663.14154611184508.ackdone@bugs.debian.org>
References: <20141108153835.GG2077@betterave.cristau.org> <[🔎] 20141101192121.GA25443@roeckx.be>

Your message dated Sat, 8 Nov 2014 15:38:35 +0000
with message-id <20141108153835.GG2077@betterave.cristau.org>
and subject line Re: Bug#767663: openssl: completly drop SSLv3 support in jessie
has caused the Debian Bug report #767663,
regarding openssl: completly drop SSLv3 support in jessie
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
767663: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767663
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: submit@bugs.debian.org
Subject: openssl: completly drop SSLv3 support in jessie
From: Kurt Roeckx <kurt@roeckx.be>
Date: Sat, 1 Nov 2014 20:21:21 +0100
Message-id: <[🔎] 20141101192121.GA25443@roeckx.be>

Package: release.debian.org
Severity: normal

Hi,

SSLv3 has been disabled in jessie already, at least for normal
usage.  But there is a way to explictly create a socket that only
support SSLv3 and I would like to disable that too.

This is done by the functions SSLv3_method(),
SSLv3_server_method() and SSLv3_client_method().  There are 2
methods of actually doing this:
- Make the function return NULL.  This will then result in a
  failure later.
- Remove the functions making things fail at for instance link
  time.

I do not want to support SSLv3 in jessie.


Kurt

--- End Message ---

--- Begin Message ---

To: Kurt Roeckx <kurt@roeckx.be>, 767663-done@bugs.debian.org

Subject: Re: Bug#767663: openssl: completly drop SSLv3 support in jessie

From: Julien Cristau <jcristau@debian.org>

Date: Sat, 8 Nov 2014 15:38:35 +0000

Message-id: <20141108153835.GG2077@betterave.cristau.org>

In-reply-to: <[🔎] 20141101192121.GA25443@roeckx.be>

References: <[🔎] 20141101192121.GA25443@roeckx.be>
On Sat, Nov  1, 2014 at 20:21:21 +0100, Kurt Roeckx wrote:

> Package: release.debian.org
> Severity: normal
> 
> Hi,
> 
> SSLv3 has been disabled in jessie already, at least for normal
> usage.  But there is a way to explictly create a socket that only
> support SSLv3 and I would like to disable that too.
> 
No, it's much too late for this, sorry.

Cheers,
Julien
Attachment: signature.asc
Description: Digital signature

--- End Message ---

Reply to:

References:
- Bug#767663: openssl: completly drop SSLv3 support in jessie
  - From: Kurt Roeckx <kurt@roeckx.be>

Prev by Date: Bug#768579: marked as done (unblock: signing-party/1.1.10-3)
Next by Date: Processed: tagging 768012
Previous by thread: Bug#767663: openssl: completly drop SSLv3 support in jessie
Next by thread: Bug#767663: openssl: completly drop SSLv3 support in jessie
Index(es):
- Date
- Thread