-Message d'origine-
De : openssl-users [mailto:openssl-users-boun...@openssl.org] De la part de
Viktor Dukhovni
Envoyé : mercredi 16 mars 2016 23:40
À : openssl-users@openssl.org
Objet : Re: [openssl-users] About no-ssl2
...
> In what release?
Sorry, I forgot to mention :
>The problem is the concept itself since it will require every app to have
>coded into it when a given feature was removed should it attempt to support it
>when present.
Yes.
It dates back to the very early days (when SSLeay was developed on clay
tablets), when the default was "get it all" an
On Wed, Mar 16, 2016 at 11:32:28PM +0100, Michel wrote:
> IMHO, whether SSL2 is completly removed or disabled, I would have expected
> opensslconf.h to reflect the situation to applications.
In what release?
> But now, it just contains :
>
> #ifndef OPENSSL_NO_SSL3
>
> # define OPENSSL_NO_SSL
On 16 March 2016 at 22:39, Viktor Dukhovni
wrote:
> On Wed, Mar 16, 2016 at 11:32:28PM +0100, Michel wrote:
> OpenSSL 1.1.0 has no vestigial SSLv2 code, and so nothing to disable
> with OPENSSL_NO_SSL2. The "OPENSSL_NO_..." macros specify disabled
> features, not deleted code.
>
That's the maj
Hi,
IMHO, whether SSL2 is completly removed or disabled, I would have expected
opensslconf.h to reflect the situation to applications.
But now, it just contains :
#ifndef OPENSSL_NO_SSL3
# define OPENSSL_NO_SSL3
#endif
Was it really intended ?
Regards,
Michel.
--
openssl-u
On Wed, Mar 16, 2016 at 10:52:39PM +, Richard Moore wrote:
> On 16 March 2016 at 22:39, Viktor Dukhovni
> wrote:
>
> > On Wed, Mar 16, 2016 at 11:32:28PM +0100, Michel wrote:
> > OpenSSL 1.1.0 has no vestigial SSLv2 code, and so nothing to disable
> > with OPENSSL_NO_SSL2. The "OPENSSL_NO_.
On 16 March 2016 at 22:58, Viktor Dukhovni
wrote:
> On Wed, Mar 16, 2016 at 10:52:39PM +, Richard Moore wrote:
>
> > On 16 March 2016 at 22:39, Viktor Dukhovni
> > wrote:
> >
> > > On Wed, Mar 16, 2016 at 11:32:28PM +0100, Michel wrote:
> > > OpenSSL 1.1.0 has no vestigial SSLv2 code, and so
