On Thu, Oct 23, 2014 at 12:18:22AM +0200, Vincent Lefevre wrote: > On 2014-10-22 18:30:04 +0200, Kurt Roeckx wrote: > > On Wed, Oct 22, 2014 at 10:19:44AM +0200, Vincent Lefevre wrote: > > > > s_client is a debug tool > > > > > > Yes, a debug tool (or test tool), and that's why the -ssl3 option > > > is useful in this particular case. > > > > It's non-obvious to have to library not support SSL v3 but have > > the tools still support it. > > The library could still support SSL v3. I don't know how the API > is designed, but I suppose that the protocol could be turned off > by default, so that it would not be used unless the application > requests it explicitly.
Applications can request is explicitly. They shouldn't, and I don't want them to do that. Kurt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org