Opened 9 years ago

Closed 9 years ago

#50865 closed enhancement (wontfix)

openssl: variant with SSLv2 support?

Reported by: udbraumann Owned by: neverpanic (Clemens Lang)
Priority: Normal Milestone:
Component: ports Version:
Keywords: Cc: larryv (Lawrence Velázquez), vallon (Justin)
Port: openssl

Description

As openssl 1.0.2g has no longer SSLv2 enabled by default, I wonder if a variant could be made wich re-enables SSLv2 during configure time? E.g. the port sslscan cannot be build anymore if SSLv2 is turned off: #50855

Change History (7)

comment:1 Changed 9 years ago by mf2k (Frank Schima)

Cc: cal@… removed
Keywords: sslv2 removed
Owner: changed from macports-tickets@… to cal@…
Version: 2.3.4

comment:2 Changed 9 years ago by neverpanic (Clemens Lang)

Given the security issues in SSLv2 I would like to avoid offering the possibility to make your own system insecure, especially since installing openssl +ssl2 would not only affect sslscan.

Larry, what's your opinion on this?

comment:3 Changed 9 years ago by ryandesign (Ryan Carsten Schmidt)

I agree. Fix sslscan instead.

comment:4 Changed 9 years ago by vallon (Justin)

#50872 is a build failure of courier-imap.

How are clients (of openssl) supposed to handle the deprecation of SSLv2_method? What is the proper procedure for removing the call to the removed function? Assume I know nothing about the openssl API.

The alternative is to upgrade to courier-imap latest release, and complain to their maintainer if it doesn't build against openssl latest.

comment:5 in reply to:  2 Changed 9 years ago by larryv (Lawrence Velázquez)

Replying to cal@…:

Larry, what's your opinion on this?

I concur with you and Ryan: I don’t like the idea of letting users backslide on this. Plus, upstream is planning to remove SSLv2 entirely by 1.1.0, so incompatible ports will have to be fixed anyway. If there are many such ports, we could use this ticket to keep track of the work.

comment:6 Changed 9 years ago by vallon (Justin)

Cc: JustinVallon@… added

Cc Me!

comment:7 Changed 9 years ago by neverpanic (Clemens Lang)

Resolution: wontfix
Status: newclosed

courier-imap is being handled in #50872. sslscan will have to be fixed upstream. Closing this as wontfix since we all agree that we should no longer provide SSLv2.

Note: See TracTickets for help on using tickets.