Hello! On Wed, Oct 29, 2014 at 09:17:04PM -0700, Piotr Sikora wrote:
> # HG changeset patch > # User Piotr Sikora <[email protected]> > # Date 1414642398 25200 > # Wed Oct 29 21:13:18 2014 -0700 > # Node ID bf17486e5d30574b870926b76c1d6f421e4def75 > # Parent 87ada3ba1392fadaf4d9193b5d345c248be32f77 > SSL: don't enable SSLv3 by default. This was discussed excessively both in the office here and in Russian mailing list a while ago, and consensus is that we are not changing the default for now. Rationale is as follows: - SSLv3 is still important from compatibility point of view, there are various clients which doesn't support (or enable by default) anything better; - Mitigation for POODLE is already good and improving, including fallback protection via TLS_FALLBACK_SCSV and anti-POODLE record splitting; so, basically, modern browsers are not affected. -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx-devel mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx-devel
