-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/29/2013 06:44 PM, Thijs Alkemade wrote: > > On 30 okt. 2013, at 01:21, Mathieu Pasquet <mathi...@mathieui.net> > wrote: > >> Dropping SSLv2 is all good and I?m not even sure why SSLv2 was >> supported initially (doesn?t xmpp appear after SSLv3 was >> standardized?), but dropping SSLv3, while also a good idea, might >> cause issues with lots of servers (not naming legacy ejabberd or >> openfire under old debian or centos). Hopefully, we have some >> time to wake up some admins before the dates set in the >> manifesto, but I hope the test days will help troubleshooting the >> ones that don?t get the memo. > > That?s what xmpp.net is now for: helping us make these policy > decisions. :) > > So far, two tests have shown a server supported SSLv3 but not TLS > 1.0, both for c2s to palemoon.net: > > http://xmpp.net/result.php?id=324 > http://xmpp.net/result.php?id=142 > > However, considering the cipher list did not finish I would assume > the sever started IP banning xmpp.net, leading to inaccurate > results. > > So from the directory list, even the servers running ejabberd 2.1.2 > (released 3.5 years ago) and Openfire 3.64 (released 4.5 years ago) > support TLS 1.0.
That result for palemoon.net is odd, since it's using Openfire 3.8.2. > How many clients don't support TLS 1.0 I do not (yet) have data of, > though. We'll find out. A few years ago, at the jabber.org server we required SSL/TLS for client connections and a fair number of users couldn't connect. However, most of them were using an old version of MacOS (10.4, IIRC). I expect the results to be better this time around. Peter -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJScGOgAAoJEOoGpJErxa2p60IP/3uoaQNRozPRlCUQ3JrpHSOr 36uSKrfZmPpJJkeg6wInhiRBslH3KNYOSXY21ppDmP0D8WyEAwDwo2qp2KWN7amL 7kAepRfp+hb9R7FCrDPshXj8hmaUMyknFtrGoz/SN/OcYG8Ix+TVjzwd16pzqpMl P24CXEEaOUvVkeBhTirVizZqdZsO1yKteoQV5Wbe0VAI8fHGZI70D+Z0KbsfPkxX ZEuwcLi6nkBpNYfHxbsLt8lz4tYtbkZmbY7jrTz1WCYGvuHyaP1OArSeipgM9uUh zlZQFXcpPrUe0i4q1MAWHs6LTfKfZe4ZEa9ehTRpKzD+KwKu28IJkRJxb2ontOB7 Si65NGkU+bC2n6GVcED+LsTKYI+7UzNcRnuPcjsfo/yg0QbjagWs+N1p22LMrZm/ bor/P2RQC/cg5S64k2kZ0q4MAgj+cCrJUwIj6WQR/SVRyqYS9D4UeY4CqGAEs+zZ 6Y8IK1v1rKq/hhg1T6CHvp5ZlRJcDr3h2Mus5WC3KPmgugHc0Sw0LbjpQOea+SEV TtbMt39dL4JTZR534ufk3CFjDPdyQagsJ2TYDj3ZZ+j1IZM5U7WommCwW3jEahjn ANifXTJyi92XJUdQmH7qSgFs5p1OqlVq4wjw4AGpnz2VhBy0s0VouyvZKzBz0qfX AAiTQjGUYStkKfbXUWA1 =Dh00 -----END PGP SIGNATURE----- _______________________________________________ JDev mailing list Info: http://mail.jabber.org/mailman/listinfo/jdev Unsubscribe: jdev-unsubscr...@jabber.org _______________________________________________
