Re: [exim-dev] SSLv2 and Exim 4.80

On 28/05/12 15:06, Phil Pennock wrote:
> Crap! I'd meant to disable SSLv2 by default for Exim 4.80, per RFC
> 6176, "Prohibiting Secure Sockets Layer (SSL) Version 2.0". I asked on
> mailops@, got stats, confirmed that SSLv3 is still around (but fading)
> and SSLv2 is gone. Completely gone.
>
> I see my openssl_disable_ssl2 branch only exists locally. Grr. Forgot
> about it!
>
> This is important, we've already got the "breaking some backwards
> compatibility" release, and AFAICT, SSLv2 is unused. In addition, note
> that GnuTLS does not support, and never has supported, SSLv2.
>
> I am going to pull in the feature, test, but probably not cut RC7 just
> for this.
>
> -Phil
>

If it's new code, I would still think that it would want to go into an
RC before 4.80 release just in case there's something unexpected in there.

Maybe make Wed another RC just to check that everything is still ok?
Saves releasing 4.81 on Thursday.