SSLv2 - do we really need it?

Ante Karamatic ivoks at
Tue Jul 22 13:43:14 UTC 2008

On Tue, 22 Jul 2008 08:22:13 -0500
"Dustin Kirkland" <kirkland at> wrote:

> And as soon as we get to the point where no packages depend on that,
> we remove it?

Our packages shouldn't be the problem (I doubt we have sslv2-only
clients or servers). If there are problematic packages, then by
definition those problems are bugs.

Problems are third party packages, like XYZ IMAP client from ABCD
company which supports only SSLv2 (I'm not aware of any program like
that, but you get my point). For sysadmins of servers which have
clients like that, openssl with SSLv2 is must have.

I like the idea of additional package in universe. But how much
problems could that produce?

More information about the ubuntu-server mailing list