really drop SSLv2

Scott Kitterman ubuntu at
Mon Jul 19 22:22:51 BST 2010

"Kees Cook" <kees at> wrote:

>In 2008 there was discussion[1] about disabling SSLv2 in OpenSSL. The
>conclusion seemed favorable for it, and so it was attempted[2] in openssl
>0.9.8g-10.1ubuntu2 for Intrepid.
>Unfortunately, this change seems to have had no affect on the build, and
>SSLv2 has remained available. I would like to propose fixing this for real
>now, and documenting the change in the SSL man pages.
>I'd like to point out that even as far back as Dapper, GnuTLS has not
>supported SSLv2; IMO, it is high time to make it go away for OpenSSL too.
>The attached debdiff would disallow the use of SSLv2 in any mode without
>wrecking the openssl library ABI.

Yes. Please. Make it die. 

Scott K

More information about the ubuntu-devel mailing list