Re: [gnutls-devel] disabling SSL 3.0 by default in 3.4.0

gnutls-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [gnutls-devel] disabling SSL 3.0 by default in 3.4.0

From:	Daniel Kahn Gillmor
Subject:	Re: [gnutls-devel] disabling SSL 3.0 by default in 3.4.0
Date:	Wed, 15 Oct 2014 18:17:22 -0400
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:32.0) Gecko/20100101 Icedove/32.0

On 10/15/2014 05:40 PM, Peter Williams wrote:
> Some of us still use ssl v2
 [...]
> Dont rush, like lemmings.

we are well past the time that anyone who removes either sslv2 or sslv3
can be accused of "rushing" -- if you have special use cases that enable
you to privately use custom/non-standard protocols in ways that you
think are secure, that's fine.  No one will prevent you from doing that.

But please don't encourage the use of protocols with known problems on
the public 'net, where people need to interoperate with each other over
a known-hostile network.

        --dkg

signature.asc
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [gnutls-devel] disabling SSL 3.0 by default in 3.4.0, Tim Rühsen, 2014/10/15
- RE: [gnutls-devel] disabling SSL 3.0 by default in 3.4.0, Peter Williams, 2014/10/15
  - Re: [gnutls-devel] disabling SSL 3.0 by default in 3.4.0, Daniel Kahn Gillmor <=
- Re: [gnutls-devel] disabling SSL 3.0 by default in 3.4.0, Tim Rühsen, 2014/10/16

Prev by Date: RE: [gnutls-devel] disabling SSL 3.0 by default in 3.4.0
Next by Date: Re: [gnutls-devel] disabling SSL 3.0 by default in 3.4.0
Previous by thread: RE: [gnutls-devel] disabling SSL 3.0 by default in 3.4.0
Next by thread: Re: [gnutls-devel] disabling SSL 3.0 by default in 3.4.0
Index(es):
- Date
- Thread