httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stuart Henderson <>
Subject Re: patch (mod_ssl/ab) to support OPENSSL_NO_SSL3 builds
Date Thu, 10 Sep 2015 12:00:44 GMT
On 2015/09/10 13:40, Stefan Sperling wrote:
> On Thu, Sep 10, 2015 at 10:37:44AM +0000, Stuart Henderson wrote:
> > I've opened a ticket for this already (bz 58349) but it was suggested
> > that I send mail here as well.
> > 
> > Currently httpd builds fail with libressl as SSLv3 has been disabled
> > (OPENSSL_NO_SSL3); ab.c and mod_ssl unconditionally use SSLv3_method()
> > functions.
> > 
> > ab.c fails at build time, mod_ssl is slightly nastier as this isn't
> > picked up until trying to start a server with ssl enabled.
> > 
> > Thanks,
> > Stuart
> Does OpenSSL use the name OPENSSL_NO_SSL3 too?
> Or is this macro defined by LibreSSL only?

With OpenSSL this is defined when it's built with the no-ssl3 option, it
works the same as building with no-rc5, no-ssl2, etc. This patch is
similar to previous patches which were added to various projects when
various OS (e.g. Debian, OpenBSD) disabled ssl2 in their standard builds
of OpenSSL.

For LibreSSL the functions have just been removed completely, it's no
longer a build option, but the effect is exactly the same as an OpenSSL
build with no-ssl3.

View raw message