On 23/03/16 16:00, Suarez, Miguel wrote: > Hi > > > > Can you tell me when 1.0.1t release or later will be made available with > fixes for the following issues (see below).
1.0.1t does not currently have a planned release date. Releases are scheduled on an as-needed basis, typically (although not always) as a result of security defects being discovered. We normally only announce a release date for security fixes a few days in advance. Matt > > Disabling SSLv2 in a default build will break applications we have > released that depended on SSLv2 by default like release 2.2.29 of > Apache’s httpd. > > We can change our SSL build but would rather have fixes in an official > release. > > > > Thanks. > > > > https://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=CHANGES;h=d4e9887370c8733885851625a72301bc90275b2d;hb=refs/heads/OpenSSL_1_0_1-stable#l5 > > > > 2 OpenSSL CHANGES > > 3 _______________ > > 4 > > 5 Changes between 1.0.1s and 1.0.1t [xx XXX xxxx] > > 6 > > 7 *) Remove LOW from the DEFAULT cipher list. This removes singles > DES from the > > 8 default. > > 9 [Kurt Roeckx] > > 10 > > 11 *) Only remove the SSLv2 methods with the no-ssl2-method option. > When the > > 12 methods are enabled and ssl2 is disabled the methods return NULL. > > 13 [Kurt Roeckx] > > > -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
