thoughts on openssl update

Jan Holzhueter jh at opencsw.org
Wed Mar 2 15:36:07 CET 2016


Hi,
as posted to users list I was kind of to quick with rebuild of the new
openssl. As I thought like many there will be not much stuff out there
still using the sslv2* functions.
Seems like I was wrong.
http://ptribble.blogspot.de/2016/03/moving-goalposts-with-openssl.html
http://lists.omniti.com/pipermail/omnios-discuss/2016-March/006463.html

I'm not sure what might be broken. e.g. curl wget etc will probably only
explode if they try sslv2 connection but other stuff might check all the
time.
So whats your take?
Stay with sslv2 disabled. And rebuild stuff that explodes.
Or enable sslv2 for the time beeing. Or do a cleanup/rebuild with the
openssl 1.0.2 that I'm working on anyway. ?

Anyone with some time could run through our stuff to check for
SSLv2_client_method
SSLv2_method
SSLv2_server_method

Those would need a rebuild.

I'm not sure though since our libssl has elf versions if those would
just show up in general on everything linked with libssl.

@Maciej do we might even have that info in pkgdb (maybe just not exposed)

Greetings
Jan






More information about the maintainers mailing list