From owner-svn-src-all@freebsd.org  Fri Mar  4 15:03:50 2016
Return-Path: <owner-svn-src-all@freebsd.org>
Delivered-To: svn-src-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 687F69DB025;
 Fri,  4 Mar 2016 15:03:50 +0000 (UTC) (envelope-from slw@zxy.spb.ru)
Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 2CE2CDC1;
 Fri,  4 Mar 2016 15:03:50 +0000 (UTC) (envelope-from slw@zxy.spb.ru)
Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD))
 (envelope-from <slw@zxy.spb.ru>)
 id 1abrGV-000FwA-ND; Fri, 04 Mar 2016 18:03:39 +0300
Date: Fri, 4 Mar 2016 18:03:39 +0300
From: Slawa Olhovchenkov <slw@zxy.spb.ru>
To: Jung-uk Kim <jkim@FreeBSD.org>
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject: Re: svn commit: r296371 - stable/10/secure/lib/libcrypto
Message-ID: <20160304150339.GB94639@zxy.spb.ru>
References: <201603040040.u240eGeY044590@repo.freebsd.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <201603040040.u240eGeY044590@repo.freebsd.org>
User-Agent: Mutt/1.5.24 (2015-08-30)
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Mail-From: slw@zxy.spb.ru
X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Mar 2016 15:03:50 -0000

On Fri, Mar 04, 2016 at 12:40:16AM +0000, Jung-uk Kim wrote:

> Author: jkim
> Date: Fri Mar  4 00:40:15 2016
> New Revision: 296371
> URL: https://svnweb.freebsd.org/changeset/base/296371
> 
> Log:
>   Re-enable SSLv2 support to restore ABI.
>   
>   Excerpt from CHANGES:
>   
>       Even if "enable-ssl2" is used, users who want to negotiate SSLv2 via
>       the version-flexible SSLv23_method() will need to explicitly call
>       either of:
>   
>   	SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2);
>       or
>   	SSL_clear_options(ssl, SSL_OP_NO_SSLv2);
>   
>       as appropriate.  Even if either of those is used, or the application
>       explicitly uses the version-specific SSLv2_method() or its client and
>       server variants, SSLv2 ciphers vulnerable to exhaustive search key
>       recovery have been removed.  Specifically, the SSLv2 40-bit EXPORT
>       ciphers, and SSLv2 56-bit DES are no longer available.
>   
>   Approved by:	re (marius, gjb), so (delphij)
> 
> Modified:
>   stable/10/secure/lib/libcrypto/opensslconf-arm.h
>   stable/10/secure/lib/libcrypto/opensslconf-ia64.h
>   stable/10/secure/lib/libcrypto/opensslconf-mips.h
>   stable/10/secure/lib/libcrypto/opensslconf-powerpc.h
>   stable/10/secure/lib/libcrypto/opensslconf-sparc64.h
>   stable/10/secure/lib/libcrypto/opensslconf-x86.h

Need to re-mergered to 10.3 too?