gnutls-devel

RE: [gnutls-devel] disabling SSL 3.0 by default in 3.4.0


From: Peter Williams
Subject: RE: [gnutls-devel] disabling SSL 3.0 by default in 3.4.0
Date: Wed, 15 Oct 2014 14:40:15 -0700

Some of us still use ssl v2, between hsm and its client lib. But then the app protocol is not http (being carefully thought out, to complement ssl features). One can force handshakes, to mac ciphertext.

Lots of NSA deception & social engineering being used (to engineer upgrades...). Usual vendors and journos being used, to manipulate the cryptonet.

Don't rush, like lemmings.



Sent from my Windows Phone

From: Tim Rühsen
Sent: 10/15/2014 12:22 PM
To: address@hidden
Cc: GnuTLS development list
Subject: Re: [gnutls-devel] disabling SSL 3.0 by default in 3.4.0

On Wednesday, 15 October 2014, 15:25:34, Nikos Mavrogiannopoulos wrote:
> Hello,
>  Given the new and old attacks known for SSL 3.0, would it make sense
> to disable SSL 3.0 in the default priority strings?
>

Wget for example uses GnuTLS default settings as default.
Changing the default priority strings in GnuTLS gives the security benefit to
Wget without changing Wget's code. That is a good reason to use GnuTLS (or
other libraries) default settings in clients.

Some scenarios might break ... but since we all want to go away from SSLv3
towards TLS (the sooner the better), it seems to be a good choice to me to
change the default priority strings.

Just my opinion.

Tim