Commit [45f55f6] (Remove SSLv2 support, 2014-11-30) completely removed SSLv2 support and the commit message states "The only support for SSLv2 left is receiving a SSLv2 compatible client hello".

If people start using SSL_CONF_CTX as they are supposed to with v1.0.2, then it can be expected that users start using strings like, e.g. (from my thing),

  set ssl-protocol="ALL,-SSLv2"

This results in the obvious problem that when they (get) upgrade(d) their OpenSSL library they will see a completely intransparent error message that no normal user will understand:

  SSL_CONF_CTX_cmd() failed:\
    error:1414E180:SSL routines:SSL_CONF_CTX_cmd:bad value

(Ah ja, my _CTX_ diff also works in practice.)
I think it would be much better if at least a user request to explicitly disable SSLv2 is silently ignored. Another option would be to enhance the error message, of course...

--steffen
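
An application-side way to tolerate the case described in the message above, as an added example that is not part of the original mail and not OpenSSL code: the hypothetical helper `filter_protocol_list` strips only an explicit `-SSLv2` from the user's protocol string before the application hands it to `SSL_CONF_CTX_cmd()`. Case-insensitive token matching and whitespace trimming are assumptions of this example.

```c
#include <ctype.h>
#include <string.h>

/* Case-insensitive match of a length-delimited token (example's assumption). */
static int tok_eq(const char *tok, size_t len, const char *name)
{
    size_t i;
    if (strlen(name) != len)
        return 0;
    for (i = 0; i < len; i++)
        if (tolower((unsigned char)tok[i]) != tolower((unsigned char)name[i]))
            return 0;
    return 1;
}

/*
 * Hypothetical helper: copy the comma-separated list `in` to `out`, dropping
 * only "-SSLv2". Enabling tokens ("SSLv2", "+SSLv2") are kept, so a request
 * to turn SSLv2 on still reaches the library and still fails loudly.
 * Returns the number of tokens dropped, or -1 if `out` is too small.
 * An empty result means nothing is left to pass on; the caller skips the call.
 */
int filter_protocol_list(const char *in, char *out, size_t outlen)
{
    size_t used = 0;
    int dropped = 0;
    if (outlen == 0)
        return -1;
    out[0] = '\0';
    while (*in != '\0') {
        size_t len = strcspn(in, ",");      /* length up to the next comma */
        const char *tok = in;
        size_t tlen = len;
        /* Trim surrounding whitespace from the token. */
        while (tlen > 0 && isspace((unsigned char)*tok)) { tok++; tlen--; }
        while (tlen > 0 && isspace((unsigned char)tok[tlen - 1])) tlen--;
        if (tok_eq(tok, tlen, "-SSLv2")) {
            dropped++;                      /* disabling a removed protocol: no-op */
        } else if (tlen > 0) {
            if (used + tlen + (used ? 1 : 0) + 1 > outlen)
                return -1;
            if (used)
                out[used++] = ',';
            memcpy(out + used, tok, tlen);
            used += tlen;
            out[used] = '\0';
        }
        in += len + (in[len] == ',');       /* skip the token and its comma */
    }
    return dropped;
}
```

A non-zero return value is a natural place to log that the `-SSLv2` request was ignored rather than dropping it without trace.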
