Some of us still use SSL v2, between HSM and its client lib. But then the app protocol is not HTTP (being carefully thought out, to complement SSL features). One can force handshakes, to MAC ciphertext.
Lots of NSA deception & social engineering being used (to engineer upgrades...). Usual vendors and journos being used, to manipulate the cryptonet.
Don't rush, like lemmings.
On Wednesday, 15 October 2014, 15:25:34, Nikos Mavrogiannopoulos wrote:
> Hello,
> Given the new and old attacks known for SSL 3.0, would it make sense
> to disable SSL 3.0 in the default priority strings?
>
Wget for example uses GnuTLS default settings as default.
Changing the default priority strings in GnuTLS gives the security benefit to
Wget without changing Wget's code. That is a good reason to use GnuTLS (or
other libraries) default settings in clients.
Some scenarios might break ... but since we all want to go away from SSLv3
towards TLS (the sooner the better), it seems to be a good choice to me to
change the default priority strings.
Just my opinion.
Tim