You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2014/10/20 20:13:08 UTC
[Bug 7093] New: Incorrect use of SSLv3
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7093
Bug ID: 7093
Summary: Incorrect use of SSLv3
Product: Spamassassin
Version: SVN Trunk (Latest Devel Version)
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: spamc/spamd
Assignee: dev@spamassassin.apache.org
Reporter: marc.deslauriers@canonical.com
The following commit is incorrect:
https://github.com/apache/spamassassin/commit/87caaa37615318eaa8940a5c6f3d6065cedd86d1
This makes spamassassin use SSLv3 by default, and does _not_ do what is
documented:
"The default, B<sslv3>, is the most flexible, accepting a SSLv3 or
higher hello handshake, then negotiating use of SSLv3 or TLSv1
protocol if the client can accept it."
See downstream bug report:
https://bugs.launchpad.net/ubuntu/+source/spamassassin/+bug/1383415
--
You are receiving this mail because:
You are the assignee for the bug.