From bd221c2699ba0b8a431b2d72ac3475c3e577f398 Mon Sep 17 00:00:00 2001
From: Adam Weinberger <adamw@FreeBSD.org>
Date: Mon, 4 Apr 2016 17:05:31 +0000
Subject: Disable SSLv3 and enable TLSv1.1 and TLSv1.2.

This is a patch make by Debian's own Noah Meyerhans that disables SSLv3,
fixes or removes the tests that choke without SSLv3, and lets
IO::Socket::SSL choose the best TLS level rather than forcing it at
TLSv1.

I can't think of a responsible reason to allow re-enabling it as an
OPTION, so add a note to UPDATING warning people of the change and
referencing the below PR.

PORTREVISION bump.

PR:		208225
Submitted by:	Sascha Holzleiter
Obtained from:	https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7199
MFH:		2016Q2
---
 UPDATING | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'UPDATING')

diff --git a/UPDATING b/UPDATING
index 22374722969a..c332dbae6a14 100644
--- a/UPDATING
+++ b/UPDATING
@@ -5,6 +5,15 @@ they are unavoidable.
 You should get into the habit of checking this file for changes each time
 you update your ports collection, before attempting any port upgrades.
 
+20160404:
+  AFFECTS: mail/spamassassin
+  AUTHOR: adamw@FreeBSD.org
+
+  Support for SSLv3 has been removed from SpamAssassin, because
+  SSLv3 is a Bad Idea. No direct option is provided to re-enable it.
+  If your setup requires use of SSLv3, some instructions are available
+  in FreeBSD PR 208225.
+
 20160331:
   AFFECTS: security/clamav-unofficial-sigs
   AUTHOR: lukasz@wasikowski.net, sf@maxempire.com
-- 
cgit v1.2.3