Public bug reported:

cURL supports a -ssl3 option (and rightly so), but openssl removed it
prematurely (see
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1934040).  The
fallout:

torsocks curl --insecure --ssl-allow-beast -ssl3 -vvI https://xhfheq5i37waj6qb.onion:110 2>&1
*   Trying 127.42.42.0:110...
* Connected to xhfheq5i37waj6qb.onion (127.42.42.0) port 110 (#0)
* OpenSSL was built without SSLv3 support
* Closing connection 0

Is it possible that curl's check for ssl3 is flawed?  I say that because
both curl and fetchmail are dependent on the same libssl pkg, and yet
fetchmail can still do ssl3 but curl can't.  Neither curl nor fetchmail
names "openssl" as a dependency.  So curl perhaps should not look to the
openssl package to detect ssl3 capability.

SSL3 is still useful for onion sites, so curl should do the necessary to
retain that capability.

** Affects: curl (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1934044

Title:
  openssl removed ssl2/3 and broke cURL because curl uses openssl
  instead of libssl

Status in curl package in Ubuntu:
  New
