On 2014-10-22 09:15:56 +0200, Kurt Roeckx wrote: > On Tue, Oct 21, 2014 at 06:33:50PM -0700, Nikolaus Rath wrote: > > After my last testing upgrade, openssl s_client has trouble accepting > > the -ssl3 and -ssl2 options. This prevents e.g. Gnus from using SSL > > to connect to mailservers. > > It shouldn't be using the -ssl3 option. The -ssl2 option has been > gone for a while. But SSL v3.0 is also insecure and you should > stop using it.
I agree that one should stop using SSL v3.0 for normal use, but the -ssl3 option would still be useful for testing servers, as in the example given here: https://linode.com/docs/security/security-patches/disabling-sslv3-for-poodle (which is no longer possible due to this bug). > I also think that it shouldn't be using s_client for anything. > s_client is a debug tool, and will not do what you expect. Yes, a debug tool (or test tool), and that's why the -ssl3 option is useful in this particular case. -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
