[PATCH] SSL: don't enable SSLv3 by default

Maxim Dounin mdounin at mdounin.ru
Thu Oct 30 15:47:05 UTC 2014


Hello!

On Thu, Oct 30, 2014 at 04:30:46PM +0100, Richard Fussenegger wrote:

> On 10/30/2014 4:26 PM, Maxim Dounin wrote:
> >And there are various clients which
> >don't support anything better, including IE6 on XP.
> >[...]
> >Talking about not updated versions from security point of
> >view is mostly pointless, as there are multiple security problems
> >fixed on a regular basis, and not updated means not secure.
> 
> Well, that's actually my point. Those old libraries and clients shouldn't be
> supported since they are, well, old. Like the old versions of the others.

There is still compatibility point of view, and from this point of 
view it's important to be able to talk to old versions of 
browsers.  To be able to show a message like "update your browser, 
it's too old", to deliver updates to them, or whatever.

-- 
Maxim Dounin
http://nginx.org/



More information about the nginx-devel mailing list