On sab, nov 08, 2014 at 01:15:14 +0100, Kurt Roeckx wrote: > Package: curl > Severity: important > Tags: patch > > Hi, > > I would like to get rid of the SSLv3 methods in openssl.
Is this a jessie objective? If not, it will have to wait until after the freeze. > The patch brings curl in the same state as for SSLv2 in that it > doesn't try and use SSLv3 methods when openssl is build without > SSLv3 support. The patch you posted is incomplete (there's another switch that needs to be ifdeffed). I'll try to put something together and forward it upstream. Anyway, note that there are still quite a bit of SSLv3-only servers (particularly Windows servers) that don't work with TLSv1.x at all (like, they even fail during the handshake if you dare propose TLS1 to them). Cheers
signature.asc
Description: Digital signature
