A security audit has ruled that SSLv2 and SSLv3 must be eliminated from a Linux web server. The administrator is considering replacing the system's OpenSSL package with LibreSSL, which is available in the distribution's repository. Which statement about LibreSSL most directly indicates whether this change will satisfy the compliance requirement?
LibreSSL can use TLS 1.3 only when a legacy build flag is enabled, so it is unsuitable for modern HTTPS deployments.
LibreSSL's code is an exact clone of OpenSSL 1.1.1 compiled with FIPS-140-2 mode, guaranteeing federal certification.
LibreSSL removes elliptic-curve cryptography support and therefore confines users to RSA-only cipher suites.
LibreSSL disables support for SSLv2 and SSLv3 by default, eliminating legacy protocol exposure.
LibreSSL was created to modernize OpenSSL and intentionally removed obsolete and insecure protocol code. Both SSLv2 and SSLv3 were disabled in its initial releases and later stripped out completely, so adopting LibreSSL eliminates those legacy protocols automatically. The other statements are incorrect: TLS 1.3 is enabled by default (no special build flags are required); LibreSSL is not FIPS-140-2 certified and its code base has diverged significantly from OpenSSL 1.1.1; and it retains full support for elliptic-curve cipher suites, adding curves rather than deprecating them.
CompTIA Linux+ XK0-006 (V8)
Security