On 16 March 2016 at 22:58, Viktor Dukhovni <openssl-us...@dukhovni.org> wrote:
> On Wed, Mar 16, 2016 at 10:52:39PM +0000, Richard Moore wrote:
>
> > On 16 March 2016 at 22:39, Viktor Dukhovni <openssl-us...@dukhovni.org>
> > wrote:
> >
> > > On Wed, Mar 16, 2016 at 11:32:28PM +0100, Michel wrote:
> > > OpenSSL 1.1.0 has no vestigial SSLv2 code, and so nothing to disable
> > > with OPENSSL_NO_SSL2. The "OPENSSL_NO_..." macros specify disabled
> > > features, not deleted code.
> > >
> >
> > That's the major flaw of the current design of flagging when features are
> > disabled rather than when they're present. I'm sure you'll get plenty more
> > reports like this.
>
> Use feature probing via autoconf, or just:
>
>     #if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(OPENSSL_NO_SSL2)
>     /* SSLv2 available */
>     #else
>     /* SSLv2 not available */
>     #endif
>
> Better yet, drop support for SSLv2, and then you don't care whether OpenSSL
> provides it or not.

SSL2 is simply an example of this issue; the same applies to others, e.g. it will no doubt occur in future for NPN since ALPN has replaced it. The problem is the concept itself, since it will require every app to have coded into it when a given feature was removed should it attempt to support it when present.

Rich.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users