SSLv2 - do we really need it?
ivoks at grad.hr
Sun Jul 27 12:49:26 BST 2008
On Sat, 26 Jul 2008 13:27:52 -0600
Neal McBurnett <neal at bcn.boulder.co.us> wrote:
> So I'm confused about what Steve said. I don't fully grok the bug,
> but it sounds to me like there is presumed to be an IBM LDAP product
> out there that can't be connected to because of lack of sslv2 support
> in Ubuntu gnutls.
That bug isn't about the SSLv2.
That client supports newer versions of SSL (cause if you specify SSL3
as a connection protocol connection is established).
Most probably this is a bug in GnuTLS, but unrelated to SSL2. Cause
connecting directly to some servers over SSL3 and/or TLS produces
error in handshake. But connecting to those servers with firefox's NSS
or openssl, there are no problems (connection is established over TLS1).
More information about the ubuntu-devel