You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2014/10/20 20:13:08 UTC

[Bug 7093] New: Incorrect use of SSLv3

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7093

            Bug ID: 7093
           Summary: Incorrect use of SSLv3
           Product: Spamassassin
           Version: SVN Trunk (Latest Devel Version)
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: spamc/spamd
          Assignee: dev@spamassassin.apache.org
          Reporter: marc.deslauriers@canonical.com

The following commit is incorrect:

https://github.com/apache/spamassassin/commit/87caaa37615318eaa8940a5c6f3d6065cedd86d1

This makes spamassassin use SSLv3 by default, and does _not_ do what is
documented:

"The default, B<sslv3>, is the most flexible, accepting a SSLv3 or
higher hello handshake, then negotiating use of SSLv3 or TLSv1
protocol if the client can accept it."

See downstream bug report:
https://bugs.launchpad.net/ubuntu/+source/spamassassin/+bug/1383415

-- 
You are receiving this mail because:
You are the assignee for the bug.