[PATCH] SSL: don't enable SSLv3 by default
Richard Fussenegger
richard at fussenegger.info
Thu Oct 30 15:54:47 UTC 2014
On 10/30/2014 4:47 PM, Maxim Dounin wrote:
> Hello!
>
> There is still compatibility point of view, and from this point of
> view it's important to be able to talk to old versions of
> browsers. To be able to show a message like "update your browser,
> it's too old", to deliver updates to them, or whatever.
I'd love to live in such a world, instead huge companies like Microsoft
are not capable of deploying valid certificates on their most frequented
websites. Seems like they've fixed it now, well you could always try to
download something from Oracle's download.oracle.com domain and *bam*
enjoy your certificate warning. Assuming you actually receive it, since
almost all browsers decide to simply ignore it because they don't want
to break the Internet.
I'm not the one to decide, but I still think that a major software like
nginx should stand out by proper reactions to security threads and RFC
statuses. However, I hope you react at least after the deprecation RFC
is out.
Richard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4237 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20141030/62573243/attachment.bin>
More information about the nginx-devel
mailing list