Hi Michael, yes, I will take care of it, but I was travelling a lot around these days, so I am lagging little behind. I'll take care of it now.
Cheers, Ondrej On Tue, Nov 10, 2015, at 08:54, Michael Stapelberg wrote: > Ondřej, are you taking care of this one or do you need help with it? > > Asking because this will lead to removal of irssi and related packages > from testing, which I’d like to avoid. > > Kurt Roeckx <k...@roeckx.be> writes: > > > Source: dnsval > > Version: 2.0-2 > > Severity: serious > > > > Hi, > > > > Version 2.0 has this line in dane_check.c: > > const SSL_METHOD *meth = SSLv3_client_method(); > > > > On the other hand, the 2.1 version has: > > const SSL_METHOD *meth = SSLv23_client_method(); > > > > (It also explicitly disables SSLv2 and SSLv3, but that doesn't > > have any effect in Debian since jessie.) > > > > Please change the 2.0 to use SSLv23_client_method() that actually > > support multiple versions. The SSLv3_client_method only talks > > SSLv3. > > > > Also please consider backporting to stable, you really don't want > > to use SSLv3. > > > > > > Kurt > > > > > > > > -- > Best regards, > Michael -- Ondřej Surý <ond...@sury.org> Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
