Bug 7093 - Incorrect use of SSLv3
Summary: Incorrect use of SSLv3
Status: RESOLVED DUPLICATE of bug 7199
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: spamc/spamd (show other bugs)
Version: SVN Trunk (Latest Devel Version)
Hardware: PC Linux
: P2 normal
Target Milestone: Undefined
Assignee: SpamAssassin Developer Mailing List
Depends on:
Reported: 2014-10-20 18:13 UTC by Marc Deslaurers
Modified: 2015-05-27 10:15 UTC (History)
1 user (show)

Attachment Type Modified Status Actions Submitter/CLA Status

Note You need to log in before you can comment on or make changes to this bug.
Description Marc Deslaurers 2014-10-20 18:13:08 UTC
The following commit is incorrect:


This makes spamassassin use SSLv3 by default, and does _not_ do what is documented:

"The default, B<sslv3>, is the most flexible, accepting a SSLv3 or
higher hello handshake, then negotiating use of SSLv3 or TLSv1
protocol if the client can accept it."

See downstream bug report:
Comment 1 Kevin A. McGrail 2015-05-27 10:15:23 UTC
combining related bugs.

*** This bug has been marked as a duplicate of bug 7199 ***