Created attachment 1152209 [details] Disable sslv3 Description of problem:https://www.rfc-editor.org/rfc/rfc7568.txt According to rfc7568, sslv3 is no longer considered secure. This patch disables sslv3 if the system's openssl is compiled without it. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Created attachment 1152210 [details] Updated NEWS
Created attachment 1152211 [details] fetchmail patch
Created attachment 1152212 [details] configure.ac patch
Created attachment 1152213 [details] fetchmail spec diff
Thanks, applied. Just for clarification - it doesn't disable SSLv3 (it already was disabled, because it's disabled in openssl), but improves error message when fetchmail is forced to use SSLv3 (with "sslproto ssl3") and add "-SSL3" to "fetchmail --version" output. All important SSL changes were already backported from upstream at the end of October 2015.