On Sat, Oct 18, 2014 at 01:06:29PM +0100, rbsec wrote: > Kurt, > > Just realised that I'd replied to you off-list - my bad. > > I'm not really sure where this should be logged as separate bug (or a > security issue?) - I'll leave that up to you guys.
So my current understanding is that sslscan uses SSLv3_client_method(), and that that is probably the only way to still set up an SSL 3.0 connection. I don't plan to bring back SSL 3.0 support, just assume that it's going to go away. sslscan also doesn't seem to support TLS 1.1 or higher for some reason? Kurt -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
