Hello,
Mario Domenech Goulart raised the issue that the OpenSSL egg by default
creates connections that can use any of the SSLv2, SSLv3 or TLSv1.x
protocols, depending on the capabilities of the remote peer.
This default is not particularly secure, especially when considering the
recently
Hi Thomas!
So I would like to poll for opinions from people on this list concerning
this situation. Do you think the default options in the OpenSSL egg
should be hardened? Do you think more options should be introduced? Is
compatibility with the rest of the internet a concern at all? ;-)
We
On Thu, 16 Oct 2014, Andy Bennett wrote:
[...]
Having said that, I'm not sure which clients on which operating systems
are SSL 3.0 only.
[...]
Hello Andy,
if I understand the situation correctly, almost nobody uses SSLv3 since it
was quickly superseded by the newer TLS variants. But the