On Mon, Dec 15, 2014 at 4:21 PM, Jungle Boogie <[email protected]> wrote:

>
> So v1 was never released publicly, so no need to continue to support it.
>
>
> Okay, you caught me--I didn't actually look up sslv1. Thanks for the
> information, though. It's probably BETTER v1 was never released or else
> we'd still have 'clients' that depend on it and no one would be willing to
> disable it. ;)

True enough. Security is a trade off between usability and security. If your
> product/project is so secure no one can use it, that won't do any good, but
> if your product/project is vulnerable where the data can be modified
> unwillingly to you, then that's also an issue. The intent with SSL and
> later TLS is to encrypt the connection between the server and client, we
> know this, but if that encryption can be modified or monitored midstream,
> why bother with the encryption?

Agreed to the first part about trade offs. The reason to use the encryption if nothing better is available is that plain text is visible to 100% of people who see it, and broken encryption is that it makes casual eavesdropping more difficult. Sometimes something is better than nothing. Again, not saying that people should trust SSL vs TLS.

> My OS of choice is also FreeBSD, so good on you. :) I can only guess, but I
>> suspect their rationale is similar to mine. It would be nice at least if
>> they were to provide a simple knob to disable older insecure protocols,
>> but
>> that's easy for me to say since I'm not the one in charge of maintaining
>> it.
>>
>>
>>
> Yes, some config option in fossil would solve all issues. Default v2 & v3
> it to off, of course ;).
>

I was saying that the knob in SSL would solve *all* issues. A knob in fossil will only solve fossil's issues. :)

In any case, I think we agree more than we disagree. And even the disagreement is only one of degree, not philosophy.

--
Scott Robison
