Date: Fri, 16 Feb 2018 19:22:40 -0800
From: Doug Hardie <bc979@lafn.org>
To: FreeBSD Ports <freebsd-ports@freebsd.org>
Subject: Qpopper and openssl on FreeBSD 11.x
Message-ID: <F2C790CE-CD5B-41A8-B3A5-826392D5B43E@mail.sermon-archive.info>

I have encountered an interesting situation while trying to resolve a PR on qpopper. I am unable to build qpopper on 11.1 (and probably 11.0) because the openssl function SSLv3_server_method has been removed. I can see where the SSLv2 functions are disabled in ssl.h, but the SSLv3 functions appear that they should be there. nm on libssl shows they are there. Clang's linker can't link to them. One of the qpopper users indicates that the problem does not exist on 10.4. I believe the loss of the SSLv3 methods is a bug and have filed Bug report.

Resolution of that PR will obviously take some time. The question at hand is what to do in the meantime. I am guessing the packages must be built on 10.x or there would be a report of the problem. I can easily change the code, via a patch, to use SSLv23_server_method in all cases, or the preferred TLSv1_server_method. That will eliminate the options to restrict qpopper to SSLv2 or SSLv3. This does not appear to be an issue for those running 11.x. However, it is for those using 10.x and earlier. Given the security issues today, I can't imagine anyone wanting to use those options, but it is possible someone is using them. Switching to the TLSv1_server_method will remove that capability for them.

-- Doug
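
The fallback discussed in the message, sketched as an added example that is not part of the original post and not qpopper code: a configured protocol choice is mapped to SSLv23_server_method or TLSv1_server_method without referencing the SSLv2/SSLv3 method symbols, and the caller is told when an SSLv2/SSLv3 restriction could not be kept. The enum, struct and function names and the WITH_OPENSSL build macro are hypothetical; masking SSLv2/SSLv3 with SSL_CTX_set_options is an assumption about what a port patch would want.

```c
/* Added example, not qpopper source; all names here are hypothetical. */
#include <stddef.h>
#ifdef WITH_OPENSSL   /* cc -DWITH_OPENSSL file.c -lssl -lcrypto */
#include <openssl/ssl.h>
#endif

/* Protocol choices an administrator may have configured (constructed). */
enum proto_opt { OPT_DEFAULT, OPT_SSLV2, OPT_SSLV3, OPT_TLSV1 };
/* The two replacement methods named in the message. */
enum method_sel { USE_SSLV23, USE_TLSV1 };

struct method_plan {
    enum method_sel method;
    int honoured;   /* 0: the configured restriction was dropped */
};

/* Pick a method without ever referencing SSLv2_/SSLv3_server_method. */
struct method_plan plan_method(enum proto_opt opt)
{
    struct method_plan p = { USE_SSLV23, 1 };

    switch (opt) {
    case OPT_TLSV1:
        p.method = USE_TLSV1;
        break;
    case OPT_SSLV2:
    case OPT_SSLV3:
        p.honoured = 0;   /* fall back; caller should log this */
        break;
    case OPT_DEFAULT:
        break;
    }
    return p;
}

#ifdef WITH_OPENSSL
/* Assumes the caller has already initialised the OpenSSL library. */
SSL_CTX *make_server_ctx(enum proto_opt opt, int *honoured)
{
    struct method_plan p = plan_method(opt);
    const SSL_METHOD *m = (p.method == USE_TLSV1)
        ? TLSv1_server_method()      /* speaks TLS 1.0 only */
        : SSLv23_server_method();    /* negotiates the highest shared version */
    SSL_CTX *ctx = SSL_CTX_new(m);

    if (ctx != NULL)   /* keep the flexible method from offering SSLv2/SSLv3 */
        SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
    if (honoured != NULL)
        *honoured = p.honoured;
    return ctx;
}
#endif
```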