[Pkg-ace-devel] Fwd: [Bug 3958] debian doesn't ship sslv2 anymore
Johnny Willemsen
jwillemsen at remedy.nl
Tue May 24 19:01:39 UTC 2011
Hi,
Just given you permissions for bugzilla.
Johnny
On 05/24/2011 08:58 PM, Pau Garcia i Quiles wrote:
> On Tue, May 24, 2011 at 8:50 PM, Thomas Girard <thomas.g.girard at free.fr> wrote:
>
>>> After a few hours on this last weekend, I think my initial solution is
>>> the right one but only because it preserves the same odd approach ACE
>>> has: send junk, get SSLv3.
>>
>> Ok. Then let's upload it.
>
> Thank you
>
>>> Defaulting to anything else (i.e. not establishing SSLv3 connection)
>>> would be safer but would also break upstream's default behavior. In
>>> fact, IMHO the "SSLv3 by default" behavior may even lead to DoS
>>> attacks by exhaustion of resources on the server side :-/ Maybe I
>>> should open a bug report asking to change this default?
>>
>> I believe commenting on [1] should do.
>>
>> [1] http://bugzilla.dre.vanderbilt.edu/show_bug.cgi?id=3958
>
> Apparently I do not have permission to add comments: "you are not
> permitted to edit bugs in product ACE" :-/
>