[Pkg-ace-devel] SSLv2

Johnny Willemsen jwillemsen at remedy.nl
Wed Apr 27 08:04:24 UTC 2011


Hi,

I created a bugzilla issue for ACE, not sure when we get to that.

Johnny

On 04/27/2011 12:10 AM, Pau Garcia i Quiles wrote:
> On Tue, Apr 26, 2011 at 10:54 AM, Johnny Willemsen <jwillemsen at remedy.nl> wrote:
>> Hi,
>>
>>> Given that ACE already supports SSLv2, I am now looking into disabling
>>> the SSLv2 code in ACE 6.0.2 to get it to build on Wheezy. Johnny, do
>>> you have any plans on this matter?
>>
>> Not a this moment. I assume you mean that ACE supports SSLv3 and want to
>> disable SSLv2?
> 
> Yes, I mean exactly that.
> 
> I am using this patch:
> 
> https://alioth.debian.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=pkg-ace/pkg-ace.git;a=blob_plain;f=debian/patches/35_disable_sslv2.dpatch;hb=HEAD
> 
> to do that in 6.0.1 and 6.0.2. I think I am not breaking anything,
> apart from SSLv2 not working anymore, which might lead to some
> interoperability problems.
> 
> I don't know if we should add a note in README.Debian saying we have
> removed SSLv2 support because it's insecure. I'm all in favor of it,
> but SSLv2 has been removed everywhere in Debian, so I'm not sure it
> makes sense to add to ACE a note that should actually be
> Debian-global.
> 




More information about the Pkg-ace-devel mailing list