[PATCH] SSL: don't enable SSLv3 by default

Richard Fussenegger richard at fussenegger.info
Thu Oct 30 15:54:47 UTC 2014

On 10/30/2014 4:47 PM, Maxim Dounin wrote:
> Hello!
> There is still compatibility point of view, and from this point of
> view it's important to be able to talk to old versions of
> browsers.  To be able to show a message like "update your browser,
> it's too old", to deliver updates to them, or whatever.

I'd love to live in such a world, instead huge companies like Microsoft 
are not capable of deploying valid certificates on their most frequented 
websites. Seems like they've fixed it now, well you could always try to 
download something from Oracle's download.oracle.com domain and *bam* 
enjoy your certificate warning. Assuming you actually receive it, since 
almost all browsers decide to simply ignore it because they don't want 
to break the Internet.

I'm not the one to decide, but I still think that a major software like 
nginx should stand out by proper reactions to security threads and RFC 
statuses. However, I hope you react at least after the deprecation RFC 
is out.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4237 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20141030/62573243/attachment.bin>

More information about the nginx-devel mailing list