On Sat, Nov 14, 2015 at 08:34:47AM -0700, Alex Rousskov wrote:
> On 11/14/2015 06:39 AM, Kurt Roeckx wrote:
> > Source: polygraph
> > Version: 4.3.2-1.2
> > Severity: serious
> > Control: block 797926 by -1
> >
> > I suggest you remove all of that and only use SSLv23_method().
> > All the others are version specific methods, only SSLv23_* speaks
> > multiple versions.
>
> Removal of other methods is not a good idea because users need to
> control which methods are used (including the ones unsupported by the
> latest OpenSSL). We will provide a different fix.

The other methods will go away in the future because people misuse
them. You really should only use the SSLv23_* methods. Your users
don't have a need to support a specific method that only supports a
given protocol. What they might need is to be able to limit the
supported versions. As I said you should use SSL_set_options() for
that.

Kurt
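
The approach discussed in this thread, as an added example that is not part of the original messages or of polygraph: a user-supplied list of allowed protocol versions is turned into an option mask on a version-flexible context, so no version-specific method is needed. It uses Python's ssl module, which wraps OpenSSL: PROTOCOL_TLS_CLIENT selects the version-flexible client method (the later name of SSLv23_client_method()), and assigning to ctx.options sets the SSL_OP_NO_* bits on the context rather than per connection. The names option_mask and make_context and the no-gaps rule are assumptions of this example.

```python
import ssl
import warnings

# Protocol versions in ascending order, each with the OpenSSL option bit
# that switches it off (the SSL_OP_NO_* constants, as exposed by Python).
VERSIONS = [
    ("SSLv3", ssl.OP_NO_SSLv3),
    ("TLSv1", ssl.OP_NO_TLSv1),
    ("TLSv1.1", ssl.OP_NO_TLSv1_1),
    ("TLSv1.2", ssl.OP_NO_TLSv1_2),
    ("TLSv1.3", ssl.OP_NO_TLSv1_3),
]
NAMES = [name for name, _ in VERSIONS]


def option_mask(allowed):
    """Return the OP_NO_* mask that disables every version not in `allowed`."""
    allowed = set(allowed)
    unknown = allowed - set(NAMES)
    if not allowed or unknown:
        raise ValueError(f"bad protocol list: {sorted(allowed)}")
    # Choice made for this example: refuse lists with a gap (e.g. TLSv1 and
    # TLSv1.2 without TLSv1.1) so the enabled set is one contiguous range.
    idx = sorted(NAMES.index(n) for n in allowed)
    if idx[-1] - idx[0] + 1 != len(idx):
        raise ValueError("enabled versions must be contiguous")
    mask = 0
    for name, flag in VERSIONS:
        if name not in allowed:
            mask |= flag
    return mask


def make_context(allowed):
    """Version-flexible client context restricted to `allowed` versions."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # not a version-specific method
    with warnings.catch_warnings():
        # Newer Pythons flag OP_NO_* as deprecated in favour of
        # minimum_version/maximum_version; silenced to show the options route.
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.options |= option_mask(allowed)
    # Options only remove versions; they cannot re-enable one that the
    # OpenSSL build or Python's defaults already turned off (e.g. SSLv3).
    return ctx


if __name__ == "__main__":
    ctx = make_context(["TLSv1.1", "TLSv1.2"])
    print([n for n, f in VERSIONS if not ctx.options & f])
```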