On Thu, 2014-10-16 at 20:27 +0200, Florian Weimer wrote: > A lot of this has already been hashed out on the IETF TLS WG mailing > list, with a slightly different perspective. > > Why is disabling SSL 3.0 acceptable, but getting rid of the broken > fallback which will keep endangering users for a long time to come is > not?
Please let's make sure there are no misunderstandings. Do you claim that Firefox 34 will continue to fall back to SSL 3 when necessary? I was hoping that Firefox 34 would completely disable SSL 3, no longer accepting servers requesting to use that version, and no longer initiating any SSL 3 connections, not even when falling back. Did I understand incorrectly? Kai -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto