Bug 7093 - Incorrect use of SSLv3
Summary: Incorrect use of SSLv3
Status: RESOLVED DUPLICATE of bug 7199
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: spamc/spamd (show other bugs)
Version: SVN Trunk (Latest Devel Version)
Hardware: PC Linux
: P2 normal
Target Milestone: Undefined
Assignee: SpamAssassin Developer Mailing List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-10-20 18:13 UTC by Marc Deslaurers
Modified: 2015-05-27 10:15 UTC (History)
1 user (show)


Attachment Type Modified Status Actions Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marc Deslaurers 2014-10-20 18:13:08 UTC 
The following commit is incorrect:

https://github.com/apache/spamassassin/commit/87caaa37615318eaa8940a5c6f3d6065cedd86d1

This makes spamassassin use SSLv3 by default, and does _not_ do what is documented:

"The default, B<sslv3>, is the most flexible, accepting a SSLv3 or
higher hello handshake, then negotiating use of SSLv3 or TLSv1
protocol if the client can accept it."

See downstream bug report:
https://bugs.launchpad.net/ubuntu/+source/spamassassin/+bug/1383415
Comment 1 Kevin A. McGrail 2015-05-27 10:15:23 UTC 
combining related bugs.

*** This bug has been marked as a duplicate of bug 7199 ***