FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor


 
 
LinkBack Thread Tools
 
Old 07-19-2010, 09:22 PM
Scott Kitterman
 
Default really drop SSLv2

"Kees Cook" <kees@ubuntu.com> wrote:

>In 2008 there was discussion[1] about disabling SSLv2 in OpenSSL. The
>conclusion seemed favorable for it, and so it was attempted[2] in openssl
>0.9.8g-10.1ubuntu2 for Intrepid.
>
>Unfortunately, this change seems to have had no affect on the build, and
>SSLv2 has remained available. I would like to propose fixing this for real
>now, and documenting the change in the SSL man pages.
>
>I'd like to point out that even as far back as Dapper, GnuTLS has not
>supported SSLv2; IMO, it is high time to make it go away for OpenSSL too.
>
>The attached debdiff would disallow the use of SSLv2 in any mode without
>wrecking the openssl library ABI.
>
>Thoughts?
>
>-Kees
>
>[1] https://lists.ubuntu.com/archives/ubuntu-server/2008-July/001976.html

Yes. Please. Make it die.

Scott K

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 
Old 07-19-2010, 10:06 PM
Kees Cook
 
Default really drop SSLv2

Hi Laurent,

On Mon, Jul 19, 2010 at 11:34:47PM +0200, Laurent Bigonville wrote:
> Le Mon, 19 Jul 2010 14:12:15 -0700,
> Kees Cook <kees@ubuntu.com> a écrit :
>
> > Thoughts?
>
> Shouldn't this be coordinated with Debian?

Yes, if there isn't strong objection in Ubuntu, my next step would be to
propose it to Debian as well.

-Kees

--
Kees Cook
Ubuntu Security Team

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 
Old 07-19-2010, 10:09 PM
Eric Peters
 
Default really drop SSLv2

Like Scott*said*make it die! But I*guarantee*it's going to break something, what that something is the question.
Cheers,Eric

On Mon, Jul 19, 2010 at 3:06 PM, Kees Cook <kees@ubuntu.com> wrote:

Hi Laurent,



On Mon, Jul 19, 2010 at 11:34:47PM +0200, Laurent Bigonville wrote:

> Le Mon, 19 Jul 2010 14:12:15 -0700,

> Kees Cook <kees@ubuntu.com> a écrit :

>

> > Thoughts?

>

> Shouldn't this be coordinated with Debian?



Yes, if there isn't strong objection in Ubuntu, my next step would be to

propose it to Debian as well.



-Kees



--

Kees Cook

Ubuntu Security Team



--

ubuntu-server mailing list

ubuntu-server@lists.ubuntu.com

https://lists.ubuntu.com/mailman/listinfo/ubuntu-server

More info: https://wiki.ubuntu.com/ServerTeam



--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 

Thread Tools




All times are GMT. The time now is 04:43 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org