Subject: [Boost-bugs] [Boost C++ Libraries] #11782: OpenSSL SSLv3 methods removed
From: Boost C++ Libraries (noreply_at_[hidden])
Date: 2015-11-02 21:13:08
#11782: OpenSSL SSLv3 methods removed
---------------------+------------------------------
Reporter: kurt@… | Type: Bugs
Status: new | Milestone: To Be Determined
Component: None | Version: Boost 1.58.0
Severity: Problem | Keywords:
---------------------+------------------------------
Hi,
asio/ssl/impl/context.ipp you have code that looks loks like:
#if defined(OPENSSL_NO_SSL2)
case context::sslv2:
case context::sslv2_client:
case context::sslv2_server:
boost::asio::detail::throw_error(
boost::asio::error::invalid_argument, "context");
break;
#else // defined(OPENSSL_NO_SSL2)
case context::sslv2:
handle_ = ::SSL_CTX_new(::SSLv2_method());
break;
case context::sslv2_client:
handle_ = ::SSL_CTX_new(::SSLv2_client_method());
break;
case context::sslv2_server:
handle_ = ::SSL_CTX_new(::SSLv2_server_method());
break;
#endif // defined(OPENSSL_NO_SSL2)
case context::sslv3:
handle_ = ::SSL_CTX_new(::SSLv3_method());
break;
case context::sslv3_client:
handle_ = ::SSL_CTX_new(::SSLv3_client_method());
break;
case context::sslv3_server:
handle_ = ::SSL_CTX_new(::SSLv3_server_method());
break;
Please do the same for the SSLv3 part but then using
OPENSSL_NO_SSL3_METHOD
I've just disabled those SSLv3 methods in Debian.
It would also be nice that you just removed things like TLSv1_1_method()
method too, and only use SSLv23_method() (or TLS_method()). Also see
ticket #10690.
-- Ticket URL: <https://svn.boost.org/trac/boost/ticket/11782> Boost C++ Libraries <http://www.boost.org/> Boost provides free peer-reviewed portable C++ source libraries.
This archive was generated by hypermail 2.1.7 : 2017-02-16 18:50:19 UTC