On Thu, Aug 06, 2020 at 09:24:32PM +0200, Patrick Mooc wrote:
> Thank you Ben for your answer.
>
> I had a look today for this point, but I didin't found anything about
> extension in the OpenSSL version I use (0.9.8).
If I am mistaken, OpenSSL 0.9.8 shuld have support for the SNI
extension. It also supports using SSL_CTX_set_options() to set the
SSL_OP_NO_SSLv2 option, which is likely the simplest way to ensure that
SSLv2 is not used.
These days one should probably also disable SSLv3 (via SSL_OP_NO_SSLv2),
but even with that, there are likely some unaddressed security defects
in OpenSSL 0.9.8 that make it unwise to continue using it in general.
--
VIktor.
