Hey all, By now, you've probably heard about the POODLE attacks on SSLv3, and our decision to disable SSLv3 by default in Firefox 34 [1]. Several people have proposed that we also make this change in Firefox ESR 31.
So I wanted to propose that we also disable SSLv3 by default in ESR 31 at about the same time as we do it in 34, that is, around November 25. If there are any objections or comments on that proposal, please raise them in this thread. Thanks, --Richard [1] https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/ -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto