[exim-dev] SSLv2 and Exim 4.80

Top Page
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: exim-dev
Subject: [exim-dev] SSLv2 and Exim 4.80
Crap! I'd meant to disable SSLv2 by default for Exim 4.80, per RFC
6176, "Prohibiting Secure Sockets Layer (SSL) Version 2.0". I asked on
mailops@, got stats, confirmed that SSLv3 is still around (but fading)
and SSLv2 is gone. Completely gone.

I see my openssl_disable_ssl2 branch only exists locally. Grr. Forgot
about it!

This is important, we've already got the "breaking some backwards
compatibility" release, and AFAICT, SSLv2 is unused. In addition, note
that GnuTLS does not support, and never has supported, SSLv2.

I am going to pull in the feature, test, but probably not cut RC7 just
for this.

-Phil