On Mon, Dec 15, 2014 at 10:16 AM, jungle Boogie <[email protected]> wrote: > > Hi Scott, > On 5 December 2014 at 12:03, Scott Robison <[email protected]> > wrote: > > I believe you can disable this in OpenSSL at configure / build time. > no-ssl2 > > & no-ssl3 are both options. If the library used doesn't support SSLvX > then > > the application using it can't support it either. > > Take a look at this patch: > > http://www3.fossil-scm.org/site.cgi/vpatch?from=1f498a6ef26bb814&to=ea1d369d23c68f79 > > It would be great if this patch could be applied to disable ssl2 and ssl3. >
Hopefully someone familiar with the code (DRH? Stephen? Bueller?) will take a look and decide if this is appropriate / desirable. I'm too low on the totem pole to make such decisions myself. :) SDR
_______________________________________________ fossil-dev mailing list [email protected] http://sqlite.org:8080/cgi-bin/mailman/listinfo/fossil-dev
