[Pkg-ace-devel] Fwd: [Bug 3958] debian doesn't ship sslv2 anymore

Pau Garcia i Quiles pgquiles at elpauer.org
Tue May 24 18:58:43 UTC 2011


On Tue, May 24, 2011 at 8:50 PM, Thomas Girard <thomas.g.girard at free.fr> wrote:

>> After a few hours on this last weekend, I think my initial solution is
>> the right one but only because it preserves the same odd approach ACE
>> has: send junk, get SSLv3.
>
> Ok. Then let's upload it.

Thank you

>> Defaulting to anything else (i.e. not establishing SSLv3 connection)
>> would be safer but would also break upstream's default behavior. In
>> fact, IMHO the "SSLv3 by default" behavior may even lead to DoS
>> attacks by exhaustion of resources on the server side :-/ Maybe I
>> should open a bug report asking to change this default?
>
> I believe commenting on [1] should do.
>
> [1] http://bugzilla.dre.vanderbilt.edu/show_bug.cgi?id=3958

Apparently I do not have permission to add comments: "you are not
permitted to edit bugs in product ACE" :-/

-- 
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
