[MacPorts] #50865: openssl: variant with SSLv2 support?
#50865: openssl: variant with SSLv2 support? -------------------------+-------------------------------- Reporter: braumann@… | Owner: macports-tickets@… Type: enhancement | Status: new Priority: Normal | Milestone: Component: ports | Version: 2.3.4 Keywords: sslv2 | Port: openssl -------------------------+-------------------------------- As openssl 1.0.2g has no longer SSLv2 enabled by default, I wonder if a variant could be made wich re-enables SSLv2 during configure time? E.g. the port {{{sslscan}}} cannot be build anymore if SSLv2 is turned off: #50855 -- Ticket URL: <https://trac.macports.org/ticket/50865> MacPorts <https://www.macports.org/> Ports system for OS X
#50865: openssl: variant with SSLv2 support? --------------------------+------------------- Reporter: braumann@… | Owner: cal@… Type: enhancement | Status: new Priority: Normal | Milestone: Component: ports | Version: Resolution: | Keywords: Port: openssl | --------------------------+------------------- Changes (by mf2k@…): * keywords: sslv2 => * cc: cal@… (removed) * version: 2.3.4 => * owner: macports-tickets@… => cal@… -- Ticket URL: <https://trac.macports.org/ticket/50865#comment:1> MacPorts <https://www.macports.org/> Ports system for OS X
#50865: openssl: variant with SSLv2 support? --------------------------+------------------- Reporter: braumann@… | Owner: cal@… Type: enhancement | Status: new Priority: Normal | Milestone: Component: ports | Version: Resolution: | Keywords: Port: openssl | --------------------------+------------------- Comment (by cal@…): Given the security issues in SSLv2 I would like to avoid offering the possibility to make your own system insecure, especially since installing openssl +ssl2 would not only affect sslscan. Larry, what's your opinion on this? -- Ticket URL: <https://trac.macports.org/ticket/50865#comment:2> MacPorts <https://www.macports.org/> Ports system for OS X
#50865: openssl: variant with SSLv2 support? --------------------------+------------------- Reporter: braumann@… | Owner: cal@… Type: enhancement | Status: new Priority: Normal | Milestone: Component: ports | Version: Resolution: | Keywords: Port: openssl | --------------------------+------------------- Comment (by ryandesign@…): I agree. Fix sslscan instead. -- Ticket URL: <https://trac.macports.org/ticket/50865#comment:3> MacPorts <https://www.macports.org/> Ports system for OS X
#50865: openssl: variant with SSLv2 support? --------------------------+------------------- Reporter: braumann@… | Owner: cal@… Type: enhancement | Status: new Priority: Normal | Milestone: Component: ports | Version: Resolution: | Keywords: Port: openssl | --------------------------+------------------- Comment (by JustinVallon@…): #50872 is a build failure of courier-imap. How are clients (of openssl) supposed to handle the deprecation of SSLv2_method? What is the proper procedure for removing the call to the removed function? Assume I know nothing about the openssl API. The alternative is to upgrade to courier-imap latest release, and complain to their maintainer if it doesn't build against openssl latest. -- Ticket URL: <https://trac.macports.org/ticket/50865#comment:4> MacPorts <https://www.macports.org/> Ports system for OS X
#50865: openssl: variant with SSLv2 support? --------------------------+------------------- Reporter: braumann@… | Owner: cal@… Type: enhancement | Status: new Priority: Normal | Milestone: Component: ports | Version: Resolution: | Keywords: Port: openssl | --------------------------+------------------- Comment (by larryv@…): Replying to [comment:2 cal@…]:
Larry, what's your opinion on this?
I concur with you and Ryan: I don’t like the idea of letting users backslide on this. Plus, upstream is planning to [https://www.openssl.org/news/openssl-1.1.0-notes.html remove SSLv2 entirely by 1.1.0], so incompatible ports will have to be fixed anyway. If there are many such ports, we could use this ticket to keep track of the work. -- Ticket URL: <https://trac.macports.org/ticket/50865#comment:5> MacPorts <https://www.macports.org/> Ports system for OS X
#50865: openssl: variant with SSLv2 support? --------------------------+-------------------- Reporter: braumann@… | Owner: cal@… Type: enhancement | Status: closed Priority: Normal | Milestone: Component: ports | Version: Resolution: wontfix | Keywords: Port: openssl | --------------------------+-------------------- Changes (by cal@…): * status: new => closed * resolution: => wontfix Comment: courier-imap is being handled in #50872. sslscan will have to be fixed upstream. Closing this as wontfix since we all agree that we should no longer provide SSLv2. -- Ticket URL: <https://trac.macports.org/ticket/50865#comment:7> MacPorts <https://www.macports.org/> Ports system for OS X
participants (1)
-
MacPorts