[PATCH] SSL: don't enable SSLv3 by default
mdounin at mdounin.ru
Thu Oct 30 15:47:05 UTC 2014
On Thu, Oct 30, 2014 at 04:30:46PM +0100, Richard Fussenegger wrote:
> On 10/30/2014 4:26 PM, Maxim Dounin wrote:
> >And there are various clients which
> >don't support anything better, including IE6 on XP.
> >Talking about not updated versions from security point of
> >view is mostly pointless, as there are multiple security problems
> >fixed on a regular basis, and not updated means not secure.
> Well, that's actually my point. Those old libraries and clients shouldn't be
> supported since they are, well, old. Like the old versions of the others.
There is still compatibility point of view, and from this point of
view it's important to be able to talk to old versions of
browsers. To be able to show a message like "update your browser,
it's too old", to deliver updates to them, or whatever.
More information about the nginx-devel