Re: [gnutls-devel] disabling SSL 3.0 by default in 3.4.0

gnutls-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [gnutls-devel] disabling SSL 3.0 by default in 3.4.0

From:	Tim Rühsen
Subject:	Re: [gnutls-devel] disabling SSL 3.0 by default in 3.4.0
Date:	Wed, 15 Oct 2014 21:22:12 +0200
User-agent:	KMail/4.14.1 (Linux/3.16-2-amd64; KDE/4.14.1; x86_64; ; )

Am Mittwoch, 15. Oktober 2014, 15:25:34 schrieb Nikos Mavrogiannopoulos:
> Hello,
>  Given the new and old attacks known for SSL 3.0, would it make sense
> to disable SSL 3.0 in the default priority strings?
> 

Wget for example uses GnuTLS default settings as default.
Changing the default priority strings in GnuTLS gives the security benefit to 
Wget without changing Wget's code. That is a good reason to use GnuTLS (or 
other libraries) default settings in clients.

Some scenarios might break ... but since we all want to go away from SSLv3 
towards TLS (the sooner the better), it seems to be a good choice to me to 
change the default priority strings.

Just my opinion.

Tim

signature.asc
Description: This is a digitally signed message part.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [gnutls-devel] disabling SSL 3.0 by default in 3.4.0, Tim Rühsen <=
- RE: [gnutls-devel] disabling SSL 3.0 by default in 3.4.0, Peter Williams, 2014/10/15
  - Re: [gnutls-devel] disabling SSL 3.0 by default in 3.4.0, Daniel Kahn Gillmor, 2014/10/15
- Re: [gnutls-devel] disabling SSL 3.0 by default in 3.4.0, Tim Rühsen, 2014/10/16

Next by Date: RE: [gnutls-devel] disabling SSL 3.0 by default in 3.4.0
Next by thread: RE: [gnutls-devel] disabling SSL 3.0 by default in 3.4.0
Index(es):
- Date
- Thread