[Pkg-ace-devel] Bug#804326: ace: FTBFS: SSLv3 methods removed

Kurt Roeckx kurt at roeckx.be
Sat Nov 7 12:12:20 UTC 2015


Source: ace
Version: 6.3.2+dfsg-1
Severity: serious
Control: block 797926 by -1

Ace has various code that can use functions like
SSLv3_client_method().  For SSL2 you currently already do
use OPENSSL_NO_SSL2.  Please also use OPENSSL_NO_SSL3 to remove
support for the SSLv3 methods.

It seems that by default you use SSLv3_method().  Please use
SSLv23_method() by default.  Only the SSLv23_* methods support
multiple versions of the protocol, while things like SSLv3_* will
only support that specific protocol version.

In the long run, we're going to remove all the version specific
methods so only the current SSLv23_* methods will keep existing.
(It has been renamed to TLS_* in the master branch.)  So I
recommend that you get rid of all the other version specific
functions.

It seems you already have support for limiting the versions of
SSLv23_* by using things like SSL_OP_NO_SSLv3.


Kurt
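
An added example, not part of the original message and not code from ACE: a small Python scanner that reports version-specific `SSLv2_*`/`SSLv3_*` method calls that are not enclosed in the matching `OPENSSL_NO_SSL2`/`OPENSSL_NO_SSL3` guard, which are the call sites that fail to build once those methods are removed. The function name `find_unguarded` and the C fragment in `SAMPLE` are constructed for illustration.

```python
import re

# Version-specific OpenSSL constructors, e.g. SSLv3_client_method().
# SSLv23_*() never matches: it is the version-flexible method.
CALL_RE = re.compile(r"\b((SSLv[23])_(?:client_|server_)?method)\s*\(")
# "#ifndef M" and "#if !defined(M)" open a guarded region; "#ifdef M" opens
# the inverse, so only its "#else" branch is guarded.
COND_RE = re.compile(r"^\s*#\s*(?:ifndef\s+|if\s+!\s*defined\s*\(\s*|(ifdef)\s+)"
                     r"(OPENSSL_NO_SSL[23])\b")
IF_RE = re.compile(r"^\s*#\s*if")
ELSE_RE = re.compile(r"^\s*#\s*(else|elif)\b")
ENDIF_RE = re.compile(r"^\s*#\s*endif\b")
GUARD = {"SSLv2": "OPENSSL_NO_SSL2", "SSLv3": "OPENSSL_NO_SSL3"}

def find_unguarded(source):
    """Return (line, call, missing_macro) per unguarded call (line-based heuristic)."""
    stack, findings = [], []  # one (macro, guarded) pair per open #if
    for no, line in enumerate(source.splitlines(), 1):
        if IF_RE.match(line):
            m = COND_RE.match(line)
            stack.append((m.group(2), m.group(1) is None) if m else (None, False))
        elif (m := ELSE_RE.match(line)) and stack:
            macro, guarded = stack[-1]
            # "#else" inverts a recognised guard; "#elif" counts as unguarded.
            known = macro is not None and m.group(1) == "else"
            stack[-1] = (macro, not guarded) if known else (None, False)
        elif ENDIF_RE.match(line) and stack:
            stack.pop()
        else:
            active = {macro for macro, guarded in stack if guarded}
            for m in CALL_RE.finditer(line):
                if GUARD[m.group(2)] not in active:
                    findings.append((no, m.group(1), GUARD[m.group(2)]))
    return findings

# Constructed sample input, not taken from the ACE source tree.
SAMPLE = """\
  case 3: return SSLv3_client_method();
#ifndef OPENSSL_NO_SSL3
  case 4: return SSLv3_server_method();
#else
  case 5: return SSLv3_method();
#endif
  default: return SSLv23_method();
"""

if __name__ == "__main__":
    for no, call, macro in find_unguarded(SAMPLE):
        print(f"line {no}: {call}() is not inside #ifndef {macro}")
```

Comments and string literals are not parsed, so a method name mentioned in a comment is reported as well.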


