[botan-devel] Removing SSLv3 and SSLv2 client hello handling

Jack Lloyd lloyd at randombit.net
Sun Dec 28 12:13:35 EST 2014


As part of removing SSLv3 support in a future release (as mentioned in
the 1.11.11 announcement note, copied below), I'm planning on also
removing support for processing SSLv2-mapped TLS client hellos.  This
has no effect on clients, or on servers which only talk to Botan TLS
clients, but may affect servers with clients running old or
misconfigured versions of OpenSSL and company which sometimes send
SSLv2 hellos.

As with the SSLv3 removal, if this change to client hellos breaks your
application, now is a good time to mention it, as once the code is
removed it will not be back. :)

Cheers,
  Jack

On Tue, Dec 23, 2014 at 08:41:43AM -0500, Jack Lloyd wrote:

> One additional important note is that as of 1.11.11, SSLv3 support in the TLS
> stack is officially deprecated (in addition to being disabled by default, as
> it has since 1.11.6). I'm planning on removing SSLv3 support entirely in Q1 of
> 2015 for both 1.11 and 1.10 branches. If this raises horrible show-stopper
> issues for you, now is your time to yell.
> 
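
For server operators who want to check whether their clients still send SSLv2-format hellos before the handling is removed, the following sketch classifies the first bytes of a connection using the layout in RFC 5246 Appendix E.2. It is an added example, not part of the original message and not Botan code; the function names and the sample bytes are constructed for illustration.

```python
import struct

VERSIONS = {(0, 2): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLS 1.0",
            (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}

def version_name(major, minor):
    return VERSIONS.get((major, minor), f"unknown ({major},{minor})")

def classify_first_bytes(data: bytes) -> dict:
    """Classify the first bytes a client sends on a TLS port."""
    # SSLv2-format hello: 2-byte header with the high bit set, then msg_type 1.
    if len(data) >= 11 and data[0] & 0x80 and data[2] == 0x01:
        msg_len = struct.unpack(">H", data[:2])[0] & 0x7FFF
        cs_len, sid_len, chal_len = struct.unpack(">HHH", data[5:11])
        # msg_len covers msg_type (1) + version (2) + three length fields (6)
        # plus the variable parts; each cipher spec is 3 bytes.
        if cs_len and cs_len % 3 == 0 and \
                msg_len == 9 + cs_len + sid_len + chal_len:
            return {"format": "sslv2-hello",
                    "offered_version": version_name(data[3], data[4])}
    # TLS record: type 22 (handshake), major version 3, handshake type 1.
    if len(data) >= 6 and data[0] == 22 and data[1] == 3 and data[5] == 0x01:
        return {"format": "tls-record",
                "record_version": version_name(data[1], data[2])}
    return {"format": "unknown"}

def build_sslv2_hello(major, minor, cipher_specs: bytes, challenge: bytes) -> bytes:
    """Build a constructed SSLv2-format hello (empty session id) for testing."""
    body = b"\x01" + bytes([major, minor])
    body += struct.pack(">HHH", len(cipher_specs), 0, len(challenge))
    body += cipher_specs + challenge
    return struct.pack(">H", 0x8000 | len(body)) + body

# Constructed samples, not captured traffic.
SSLV2_SAMPLE = build_sslv2_hello(3, 1, bytes.fromhex("00002f00000a010080"),
                                 bytes(16))
TLS_SAMPLE = bytes.fromhex("160301002f0100002b0303")  # start of a TLS record

if __name__ == "__main__":
    for name, sample in (("sslv2-format", SSLV2_SAMPLE), ("tls", TLS_SAMPLE),
                         ("http", b"GET / HTTP/1.1\r\n")):
        print(name, classify_first_bytes(sample))
```

Counting the `sslv2-hello` results per client address over a period of normal traffic shows which clients would stop connecting once the server no longer accepts this format.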

