SA Bugzilla – Bug 7093
Incorrect use of SSLv3
Last modified: 2015-05-27 10:15:23 UTC
The following commit is incorrect: https://github.com/apache/spamassassin/commit/87caaa37615318eaa8940a5c6f3d6065cedd86d1 This makes spamassassin use SSLv3 by default, and does _not_ do what is documented: "The default, B<sslv3>, is the most flexible, accepting a SSLv3 or higher hello handshake, then negotiating use of SSLv3 or TLSv1 protocol if the client can accept it." See downstream bug report: https://bugs.launchpad.net/ubuntu/+source/spamassassin/+bug/1383415
combining related bugs. *** This bug has been marked as a duplicate of bug 7199 ***