On 16 March 2016 at 22:58, Viktor Dukhovni <openssl-users at dukhovni.org> wrote: > On Wed, Mar 16, 2016 at 10:52:39PM +0000, Richard Moore wrote: > > > On 16 March 2016 at 22:39, Viktor Dukhovni <openssl-users at dukhovni.org> > > wrote: > > > > > On Wed, Mar 16, 2016 at 11:32:28PM +0100, Michel wrote: > > > OpenSSL 1.1.0 has no vestigial SSLv2 code, and so nothing to disable > > > with OPENSSL_NO_SSL2. The "OPENSSL_NO_..." macros specify disabled > > > features, not deleted code. > > > > > > > ?That's the major flaw of the current design of flagging when features > are > > disabled rather than when they're present. I'm sure you'll get plenty > more > > reports like this. > > Use feature probing via autoconf, or just: > > #if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(OPENSSL_NO_SSL2) > /* SSLv2 available */ > #else > /* SSLv2 not available */ > #endif > > Better yet, drop support for SSLv2, and then you don't care whether OpenSSL > provides it or not. > > ?SSL2 is simply an example of this issue, the same applies to others eg. it will no doubt occur in future for NPN since ALPN has replaced it. ? ?The problem is the concept itself since it will require every app to have coded into it when a given feature was removed should it attempt to support it when present. Rich.? -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160316/5dbfdb07/attachment.html>
