[PATCH] SSL: don't enable SSLv3 by default
richard at fussenegger.info
Thu Oct 30 15:30:46 UTC 2014
On 10/30/2014 4:26 PM, Maxim Dounin wrote:
> And there are various clients which
> don't support anything better, including IE6 on XP.
> Talking about not updated versions from security point of
> view is mostly pointless, as there are multiple security problems
> fixed on a regular basis, and not updated means not secure.
Well, that's actually my point. Those old libraries and clients
shouldn't be supported since they are, well, old. Like the old versions
of the others.
Also note that SSLv3's RFC has status HISTORIC. The guys over at the
IETF TLS list are talking about deprecating it, but some parties argue
that the HISTORIC status is equivalent to deprecation.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4237 bytes
Desc: S/MIME Cryptographic Signature
More information about the nginx-devel