--- a/components/openssl/openssl-1.0.1-fips-140/patches/42_rm_sslv2.patch Wed Oct 12 06:26:22 2016 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,526 +0,0 @@
-#
-# This was developed in house. Not applicable to the upstream.
-#
---- openssl-1.0.1/ssl/ssl.h Tue May 26 11:13:15 2015
-+++ openssl-1.0.1/ssl/ssl.h.new Tue May 26 11:32:09 2015
-@@ -2016,12 +2016,28 @@
- /* This sets the 'default' SSL version that SSL_new() will create */
- int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
-
--# ifndef OPENSSL_NO_SSL2_METHOD
--const SSL_METHOD *SSLv2_method(void); /* SSLv2 */
--const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
--const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
--# endif
-
-+#ifndef __has_attribute
-+# define __has_attribute(x) 0
-+#endif
-+
-+/* Mark SSLv2_* functions deprecated */
-+#if __has_attribute(deprecated) \
-+ || (defined(__GNUC__) && ((__GNUC__ * 100 + __GNUC_MINOR__) >= 301)) \
-+ || (defined(__SUNPRO_C) && (__SUNPRO_C >= 0x5130))
-+# define DEPRECATED __attribute__((deprecated))
-+#else
-+# define DEPRECATED
-+#endif
-+
-+# ifndef OPENSSL_NO_SSL2
-+# ifndef OPENSSL_NO_SSL2_METHOD
-+DEPRECATED const SSL_METHOD *SSLv2_method(void); /* SSLv2 */
-+DEPRECATED const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
-+DEPRECATED const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
-+# endif
-+# endif
-+
- # ifndef OPENSSL_NO_SSL3_METHOD
- const SSL_METHOD *SSLv3_method(void); /* SSLv3 */
- const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
---- openssl-1.0.1/doc/ssl/SSL_CIPHER_get_name.pod Tue May 26 11:13:15 2015
-+++ openssl-1.0.1/doc/ssl/SSL_CIPHER_get_name.pod.new Tue May 26 11:32:09 2015
-@@ -25,7 +25,7 @@
-
- SSL_CIPHER_get_version() returns string which indicates the SSL/TLS protocol
- version that first defined the cipher.
--This is currently B<SSLv2> or B<TLSv1/SSLv3>.
-+This is currently B<TLSv1/SSLv3>.
- In some cases it should possibly return "TLSv1.2" but does not;
- use SSL_CIPHER_description() instead.
- If B<cipher> is NULL, "(NONE)" is returned.
-@@ -56,7 +56,7 @@
-
- =item <protocol version>
-
--Protocol version: B<SSLv2>, B<SSLv3>, B<TLSv1.2>. The TLSv1.0 ciphers are
-+Protocol version: B<SSLv3>, B<TLSv1.2>. The TLSv1.0 ciphers are
- flagged with SSLv3. No new ciphers were added by TLSv1.1.
-
- =item Kx=<key exchange>
---- openssl-1.0.1/doc/ssl/SSL_CTX_new.pod Tue Mar 1 14:02:53 2016
-+++ openssl-1.0.1/doc/ssl/SSL_CTX_new.pod.new Tue Mar 1 14:35:59 2016
-@@ -62,12 +62,12 @@
- These are the general-purpose I<version-flexible> SSL/TLS methods.
- The actual protocol version used will be negotiated to the highest version
- mutually supported by the client and the server.
--The supported protocols are SSLv2, SSLv3, TLSv1, TLSv1.1 and TLSv1.2.
-+The supported protocols are SSLv3, TLSv1, TLSv1.1 and TLSv1.2.
- Most applications should use these method, and avoid the version specific
- methods described below.
-
- The list of protocols available can be further limited using the
--B<SSL_OP_NO_SSLv2>, B<SSL_OP_NO_SSLv3>, B<SSL_OP_NO_TLSv1>,
-+B<SSL_OP_NO_SSLv3>, B<SSL_OP_NO_TLSv1>,
- B<SSL_OP_NO_TLSv1_1> and B<SSL_OP_NO_TLSv1_2> options of the
- L<SSL_CTX_set_options(3)> or L<SSL_set_options(3)> functions.
- Clients should avoid creating "holes" in the set of protocols they support,
-@@ -81,8 +81,6 @@
- Applications should typically use L<SSL_CTX_set_options(3)> in combination with
- the B<SSL_OP_NO_SSLv3> flag to disable negotiation of SSLv3 via the above
- I<version-flexible> SSL/TLS methods.
--The B<SSL_OP_NO_SSLv2> option is set by default, and would need to be cleared
--via L<SSL_CTX_clear_options(3)> in order to enable negotiation of SSLv2.
-
- =item TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method()
-
-@@ -115,13 +113,7 @@
-
- =item SSLv2_method(), SSLv2_server_method(), SSLv2_client_method()
-
--A TLS/SSL connection established with these methods will only understand the
--SSLv2 protocol. A client will send out SSLv2 client hello messages and will
--also indicate that it only understand SSLv2. A server will only understand
--SSLv2 client hello messages. The SSLv2 protocol offers little to no security
--and should not be used.
--As of OpenSSL 1.0.1s, EXPORT ciphers and 56-bit DES are no longer available
--with SSLv2.
-+The SSLv2 protocol offers little to no security and has been deprecated.
-
- =item DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method()
-
---- openssl-1.0.1/doc/ssl/SSL_CTX_set_cipher_list.pod Thu Mar 19 06:37:10 2015
-+++ openssl-1.0.1/doc/ssl/SSL_CTX_set_cipher_list.pod.new Tue May 26 11:38:09 2015
-@@ -54,10 +54,6 @@
- keys), the "no shared cipher" (SSL_R_NO_SHARED_CIPHER) error is generated
- and the handshake will fail.
-
--If the cipher list does not contain any SSLv2 cipher suites (this is the
--default) then SSLv2 is effectively disabled and neither clients nor servers
--will attempt to use SSLv2.
--
- =head1 RETURN VALUES
-
- SSL_CTX_set_cipher_list() and SSL_set_cipher_list() return 1 if any cipher
---- openssl-1.0.1/doc/ssl/SSL_CTX_set_generate_session_id.pod Thu Jan 15 06:43:49 2015
-+++ openssl-1.0.1/doc/ssl/SSL_CTX_set_generate_session_id.pod.new Tue May 26 11:40:47 2015
-@@ -32,9 +32,8 @@
-
- When a new session is established between client and server, the server
- generates a session id. The session id is an arbitrary sequence of bytes.
--The length of the session id is 16 bytes for SSLv2 sessions and between
--1 and 32 bytes for SSLv3/TLSv1. The session id is not security critical
--but must be unique for the server. Additionally, the session id is
-+The length of the session id is between 1 and 32 bytes. The session id is not
-+security critical but must be unique for the server. Additionally, the session id is
- transmitted in the clear when reusing the session so it must not contain
- sensitive information.
-
-@@ -51,12 +50,6 @@
- the callback B<must never> increase B<id_len> or write to the location
- B<id> exceeding the given limit.
-
--If a SSLv2 session id is generated and B<id_len> is reduced, it will be
--restored after the callback has finished and the session id will be padded
--with 0x00. It is not recommended to change the B<id_len> for SSLv2 sessions.
--The callback can use the L<SSL_get_version(3)|SSL_get_version(3)> function
--to check, whether the session is of type SSLv2.
--
- The location B<id> is filled with 0x00 before the callback is called, so the
- callback may only fill part of the possible length and leave B<id_len>
- untouched while maintaining reproducibility.
-@@ -63,9 +56,8 @@
-
- Since the sessions must be distinguished, session ids must be unique.
- Without the callback a random number is used, so that the probability
--of generating the same session id is extremely small (2^128 possible ids
--for an SSLv2 session, 2^256 for SSLv3/TLSv1). In order to assure the
--uniqueness of the generated session id, the callback must call
-+of generating the same session id is extremely small (2^256 for SSLv3/TLSv1).
-+In order to assure the uniqueness of the generated session id, the callback must call
- SSL_has_matching_session_id() and generate another id if a conflict occurs.
- If an id conflict is not resolved, the handshake will fail.
- If the application codes e.g. a unique host id, a unique process number, and
-@@ -85,10 +77,6 @@
- the external cache is not tested with SSL_has_matching_session_id()
- and the same race condition applies.
-
--When calling SSL_has_matching_session_id() for an SSLv2 session with
--reduced B<id_len>, the match operation will be performed using the
--fixed length required and with a 0x00 padded id.
--
- The callback must return 0 if it cannot generate a session id for whatever
- reason and return 1 on success.
-
-@@ -104,12 +92,7 @@
- unsigned int *id_len)
- {
- unsigned int count = 0;
-- const char *version;
-
-- version = SSL_get_version(ssl);
-- if (!strcmp(version, "SSLv2"))
-- /* we must not change id_len */;
--
- do {
- RAND_pseudo_bytes(id, *id_len);
- /* Prefix the session_id with the required prefix. NB: If our
---- openssl-1.0.1/doc/ssl/SSL_CTX_set_options.pod Tue Jan 20 04:33:36 2015
-+++ openssl-1.0.1/doc/ssl/SSL_CTX_set_options.pod.new Tue May 26 11:41:47 2015
-@@ -63,18 +63,11 @@
-
- =item SSL_OP_MICROSOFT_SESS_ID_BUG
-
--www.microsoft.com - when talking SSLv2, if session-id reuse is
--performed, the session-id passed back in the server-finished message
--is different from the one decided upon.
-+As of OpenSSL 1.0.0 this option has no effect.
-
- =item SSL_OP_NETSCAPE_CHALLENGE_BUG
-
--Netscape-Commerce/1.12, when talking SSLv2, accepts a 32 byte
--challenge but then appears to only use 16 bytes when generating the
--encryption keys. Using 16 bytes is ok but it should be ok to use 32.
--According to the SSLv3 spec, one should use 32 bytes for the challenge
--when operating in SSLv2/v3 compatibility mode, but as mentioned above,
--this breaks this server so 16 bytes is the way to go.
-+As of OpenSSL 1.0.0 this option has no effect.
-
- =item SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
-
---- openssl-1.0.1/doc/ssl/SSL_get_default_timeout.pod Thu Jan 15 06:43:49 2015
-+++ openssl-1.0.1/doc/ssl/SSL_get_default_timeout.pod.new Tue May 26 11:42:15 2015
-@@ -24,7 +24,7 @@
- timeout for the protocol will be used.
-
- SSL_get_default_timeout() return this hardcoded value, which is 300 seconds
--for all currently supported protocols (SSLv2, SSLv3, and TLSv1).
-+for all currently supported protocols.
-
- =head1 RETURN VALUES
-
---- openssl-1.0.1/doc/ssl/SSL_get_version.pod Thu Jan 15 06:43:49 2015
-+++ openssl-1.0.1/doc/ssl/SSL_get_version.pod.new Tue May 26 11:42:45 2015
-@@ -21,9 +21,6 @@
-
- =over 4
-
--=item SSLv2
--
--The connection uses the SSLv2 protocol.
-
- =item SSLv3
-
---- openssl-1.0.1/doc/ssl/SSL_new.pod Thu Jan 15 06:43:49 2015
-+++ openssl-1.0.1/doc/ssl/SSL_new.pod.new Tue May 26 11:43:12 2015
-@@ -14,7 +14,7 @@
-
- SSL_new() creates a new B<SSL> structure which is needed to hold the
- data for a TLS/SSL connection. The new structure inherits the settings
--of the underlying context B<ctx>: connection method (SSLv2/v3/TLSv1),
-+of the underlying context B<ctx>: connection method,
- options, verification settings, timeout settings.
-
- =head1 RETURN VALUES
---- openssl-1.0.1/doc/ssl/SSL_shutdown.pod Thu Mar 19 06:37:10 2015
-+++ openssl-1.0.1/doc/ssl/SSL_shutdown.pod.new Tue May 26 11:43:56 2015
-@@ -60,9 +60,7 @@
-
- It is therefore recommended, to check the return value of SSL_shutdown()
- and call SSL_shutdown() again, if the bidirectional shutdown is not yet
--complete (return value of the first call is 0). As the shutdown is not
--specially handled in the SSLv2 protocol, SSL_shutdown() will succeed on
--the first call.
-+complete (return value of the first call is 0).
-
- The behaviour of SSL_shutdown() additionally depends on the underlying BIO.
-
---- openssl-1.0.1/doc/ssl/ssl.pod Tue Mar 1 05:40:03 2016
-+++ openssl-1.0.1/doc/ssl/ssl.pod.new Tue Mar 1 15:42:46 2016
-@@ -9,7 +9,7 @@
-
- =head1 DESCRIPTION
-
--The OpenSSL B<ssl> library implements the Secure Sockets Layer (SSL v2/v3) and
-+The OpenSSL B<ssl> library implements the Secure Sockets Layer (SSL v3) and
- Transport Layer Security (TLS v1) protocols. It provides a rich API which is
- documented here.
-
-@@ -45,8 +45,8 @@
- =item B<SSL_METHOD> (SSL Method)
-
- That's a dispatch structure describing the internal B<ssl> library
--methods/functions which implement the various protocol versions (SSLv1, SSLv2
--and TLSv1). It's needed to create an B<SSL_CTX>.
-+methods/functions which implement the various protocol versions (SSLv3,
-+TLSv1, ...). It's needed to create an B<SSL_CTX>.
-
- =item B<SSL_CIPHER> (SSL Cipher)
-
-@@ -93,7 +93,7 @@
-
- =item B<ssl2.h>
-
--That's the sub header file dealing with the SSLv2 protocol only.
-+That's the sub header file dealing with the deprecated SSLv2 protocol only.
- I<Usually you don't have to include it explicitly because
- it's already included by ssl.h>.
-
-@@ -105,8 +105,8 @@
-
- =item B<ssl23.h>
-
--That's the sub header file dealing with the combined use of the SSLv2 and
--SSLv3 protocols.
-+That's the sub header file dealing with the combined use of the different
-+protocol versions.
- I<Usually you don't have to include it explicitly because
- it's already included by ssl.h>.
-
-@@ -201,15 +201,15 @@
- =item const SSL_METHOD *B<SSLv2_method>(void);
-
- Constructor for the SSLv2 SSL_METHOD structure for clients, servers
--or both.
-+or both. (deprecated)
-
- =item const SSL_METHOD *B<SSLv2_client_method>(void);
-
--Constructor for the SSLv2 SSL_METHOD structure for clients.
-+Constructor for the SSLv2 SSL_METHOD structure for clients. (deprecated)
-
- =item const SSL_METHOD *B<SSLv2_server_method>(void);
-
--Constructor for the SSLv2 SSL_METHOD structure for servers.
-+Constructor for the SSLv2 SSL_METHOD structure for servers. (deprecated)
-
- =back
-
-@@ -234,12 +234,12 @@
- =item const char *B<SSL_CIPHER_get_name>(SSL_CIPHER *cipher);
-
- Return the internal name of I<cipher> as a string. These are the various
--strings defined by the I<SSL2_TXT_xxx>, I<SSL3_TXT_xxx> and I<TLS1_TXT_xxx>
-+strings defined by the I<SSL3_TXT_xxx> and I<TLS1_TXT_xxx>
- definitions in the header files.
-
- =item char *B<SSL_CIPHER_get_version>(SSL_CIPHER *cipher);
-
--Returns a string like "C<TLSv1/SSLv3>" or "C<SSLv2>" which indicates the
-+Returns a string like "C<TLSv1/SSLv3>" which indicates the
- SSL/TLS protocol version to which I<cipher> belongs (i.e. where it was defined
- in the specification the first time).
-
---- openssl-1.0.1/doc/apps/ciphers.pod Tue Mar 1 05:40:03 2016
-+++ openssl-1.0.1/doc/apps/ciphers.pod.new Tue Mar 1 15:28:28 2016
-@@ -9,7 +9,6 @@
- B<openssl> B<ciphers>
- [B<-v>]
- [B<-V>]
--[B<-ssl2>]
- [B<-ssl3>]
- [B<-tls1>]
- [B<cipherlist>]
-@@ -27,12 +26,9 @@
- =item B<-v>
-
- Verbose option. List ciphers with a complete description of
--protocol version (SSLv2 or SSLv3; the latter includes TLS), key exchange,
-+protocol version, key exchange,
- authentication, encryption and mac algorithms used along with any key size
- restrictions and whether the algorithm is classed as an "export" cipher.
--Note that without the B<-v> option, ciphers may seem to appear twice
--in a cipher list; this is when similar ciphers are available for
--SSL v2 and for SSL v3/TLS v1.
-
- =item B<-V>
-
-@@ -42,10 +38,6 @@
-
- This lists ciphers compatible with any of SSLv3, TLSv1, TLSv1.1 or TLSv1.2.
-
--=item B<-ssl2>
--
--Only include SSLv2 ciphers.
--
- =item B<-h>, B<-?>
-
- Print a brief usage message.
-@@ -255,9 +247,9 @@
- ciphers suites using FORTEZZA key exchange, authentication, encryption or all
- FORTEZZA algorithms. Not implemented.
-
--=item B<TLSv1.2>, B<TLSv1>, B<SSLv3>, B<SSLv2>
-+=item B<TLSv1.2>, B<TLSv1>, B<SSLv3>
-
--TLS v1.2, TLS v1.0, SSL v3.0 or SSL v2.0 cipher suites respectively. Note:
-+TLS v1.2, TLS v1.0, or SSL v3.0 cipher suites respectively. Note:
- there are no ciphersuites specific to TLS v1.1.
-
- =item B<AES128>, B<AES256>, B<AES>
-@@ -578,16 +570,6 @@
- TLS_PSK_WITH_AES_128_CBC_SHA PSK-AES128-CBC-SHA
- TLS_PSK_WITH_AES_256_CBC_SHA PSK-AES256-CBC-SHA
-
--=head2 Deprecated SSL v2.0 cipher suites.
--
-- SSL_CK_RC4_128_WITH_MD5 RC4-MD5
-- SSL_CK_RC4_128_EXPORT40_WITH_MD5 Not implemented.
-- SSL_CK_RC2_128_CBC_WITH_MD5 RC2-CBC-MD5
-- SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 Not implemented.
-- SSL_CK_IDEA_128_CBC_WITH_MD5 IDEA-CBC-MD5
-- SSL_CK_DES_64_CBC_WITH_MD5 Not implemented.
-- SSL_CK_DES_192_EDE3_CBC_WITH_MD5 DES-CBC3-MD5
--
- =head1 NOTES
-
- The non-ephemeral DH modes are currently unimplemented in OpenSSL
---- openssl-1.0.1/doc/apps/s_client.pod Tue Mar 1 05:40:03 2016
-+++ openssl-1.0.1/doc/apps/s_client.pod.new Tue Mar 1 15:37:40 2016
-@@ -32,10 +32,8 @@
- [B<-ign_eof>]
- [B<-no_ign_eof>]
- [B<-quiet>]
--[B<-ssl2>]
- [B<-ssl3>]
- [B<-tls1>]
--[B<-no_ssl2>]
- [B<-no_ssl3>]
- [B<-no_tls1>]
- [B<-bugs>]
-@@ -197,7 +195,7 @@
- given as a hexadecimal number without leading 0x, for example -psk
- 1a2b3c4d.
-
--=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
-+=item B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
-
- These options require or disable the use of the specified SSL or TLS protocols.
- By default the initial handshake uses a I<version-flexible> method which will
-@@ -215,10 +213,6 @@
- supported cipher in the list sent by the client. See the B<ciphers>
- command for more information.
-
--=item B<-serverpref>
--
--use the server's cipher preferences; only used for SSLV2.
--
- =item B<-starttls protocol>
-
- send the protocol-specific message(s) to switch to TLS for communication.
-@@ -295,8 +289,8 @@
- then an HTTP command can be given such as "GET /" to retrieve a web page.
-
- If the handshake fails then there are several possible causes, if it is
--nothing obvious like no client certificate then the B<-bugs>, B<-ssl2>,
--B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> options can be tried
-+nothing obvious like no client certificate then the B<-bugs>,
-+B<-ssl3>, B<-tls1>, B<-no_ssl3>, B<-no_tls1> options can be tried
- in case it is a buggy server. In particular you should play with these
- options B<before> submitting a bug report to an OpenSSL mailing list.
-
-@@ -318,10 +312,6 @@
- If there are problems verifying a server certificate then the
- B<-showcerts> option can be used to show the whole chain.
-
--Since the SSLv23 client hello cannot include compression methods or extensions
--these will only be supported if its use is disabled, for example by using the
--B<-no_sslv2> option.
--
- The B<s_client> utility is a test tool and is designed to continue the
- handshake after any certificate verification errors. As a result it will
- accept any certificate chain (trusted or not) sent by the peer. None test
---- openssl-1.0.1/doc/apps/s_server.pod Tue Mar 1 05:40:03 2016
-+++ openssl-1.0.1/doc/apps/s_server.pod.new Tue Mar 1 15:38:50 2016
-@@ -39,10 +39,8 @@
- [B<-serverpref>]
- [B<-quiet>]
- [B<-no_tmp_rsa>]
--[B<-ssl2>]
- [B<-ssl3>]
- [B<-tls1>]
--[B<-no_ssl2>]
- [B<-no_ssl3>]
- [B<-no_tls1>]
- [B<-no_dhe>]
-@@ -221,7 +219,7 @@
- given as a hexadecimal number without leading 0x, for example -psk
- 1a2b3c4d.
-
--=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
-+=item B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
-
- These options require or disable the use of the specified SSL or TLS protocols.
- By default the initial handshake uses a I<version-flexible> method which will
---- openssl-1.0.1/doc/apps/s_time.pod Thu Jan 15 06:43:49 2015
-+++ openssl-1.0.1/doc/apps/s_time.pod.new Tue May 26 12:20:09 2015
-@@ -19,7 +19,6 @@
- [B<-verify depth>]
- [B<-nbio>]
- [B<-time seconds>]
--[B<-ssl2>]
- [B<-ssl3>]
- [B<-bugs>]
- [B<-cipher cipherlist>]
-@@ -92,18 +90,17 @@
-
- turns on non-blocking I/O.
-
--=item B<-ssl2>, B<-ssl3>
-+=item B<-ssl3>
-
- these options disable the use of certain SSL or TLS protocols. By default
- the initial handshake uses a method which should be compatible with all
--servers and permit them to use SSL v3, SSL v2 or TLS as appropriate.
-+servers and permit them to use SSL v3 or TLS as appropriate.
- The timing program is not as rich in options to turn protocols on and off as
- the L<s_client(1)|s_client(1)> program and may not connect to all servers.
-
- Unfortunately there are a lot of ancient and broken servers in use which
- cannot handle this technique and will fail to connect. Some servers only
--work if TLS is turned off with the B<-ssl3> option; others
--will only support SSL v2 and may need the B<-ssl2> option.
-+work if TLS is turned off with the B<-ssl3> option.
-
- =item B<-bugs>
-
-@@ -137,7 +122,7 @@
- for details.
-
- If the handshake fails then there are several possible causes, if it is
--nothing obvious like no client certificate then the B<-bugs>, B<-ssl2>,
-+nothing obvious like no client certificate then the B<-bugs>,
- B<-ssl3> options can be tried
- in case it is a buggy server. In particular you should play with these
- options B<before> submitting a bug report to an OpenSSL mailing list.
---- openssl-1.0.1/doc/apps/sess_id.pod Thu Jan 15 06:43:49 2015
-+++ openssl-1.0.1/doc/apps/sess_id.pod.new Tue May 26 12:21:07 2015
-@@ -91,7 +91,7 @@
-
- =item B<Protocol>
-
--this is the protocol in use TLSv1, SSLv3 or SSLv2.
-+this is the protocol in use TLSv1.2, TLSv1.1, TLSv1 or SSLv3.
-
- =item B<Cipher>
-
-@@ -110,10 +110,6 @@
-
- this is the SSL session master key.
-
--=item B<Key-Arg>
--
--the key argument, this is only used in SSL v2.
--
- =item B<Start Time>
-
- this is the session start time represented as an integer in standard Unix format.