Bug#797926: transition: openssl: remove SSLv3 methods
Package: release.debian.org
Hi,
I would like to remove the last support for SSLv3 in openssl.
This means that I'll be dropping 3 symbols from the shared
library:
SSLv3_method();
SSLv3_server_method();
SSLv3_client_method();
Those can still be used to set up SSLv3 connections, while using
the SSLv23_* methods won't talk SSLv3.
This change will result in the define OPENSSL_NO_SSL3_METHOD
becoming defined. Some software in Debian already checks for
either that define or the presence of the functions to enable
support for it or not. I find those changes very unfortunate,
they should just have dropped SSLv3 support completly.
My question is how you want to proceed with this. I see a few
options:
- Change the soname, rebuild everything against that new soname.
- Just drop the symbols, adding Breaks on at least some
packages like curl and python that are known to need a rebuild
against the changed headers.
As far as I know all the major packages making use of those
symbols should be fixed now, or have a fix available.
Kurt
Reply to: