SSLv3 was disabled because it’s exploitable! https://www.us-cert.gov/ncas/alerts/TA14-290A
On June 5, 2018 at 4:05:36 PM, Kadah Coba (kadah.c...@gmail.com) wrote: On 6/4/2018 10:41 PM, Dahlia Trimble wrote: > I can't believe that Apple will remove an API that so many > applications use. I've seen Apple do worse in the past with less warning. Apple disabled SSLv3 by default in iOS 9 and an OSX update (maybe around 10.11, can't remember) without warning. This would have been fine since any updated server would also support TLS, except Apple screwed up somewhere and many Apple apps, like Mail, would still attempt to connect using SSLv3 but then fail with a typically Apple style unhelpful error when the OS doesn't allow it to use SSLv3 because the app's plist config doesn't allow for an exception. I got around this by disabling SSLv3 and enforcing TLS only, which flagged dayed email for Apple users. Before I did that, if they updated to iOS9, they couldn't get email; after I made the changes, they required iOS9, and likely an account delete and readd on their phone because Apple. _______________________________________________ Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/OpenSource-Dev Please read the policies before posting to keep unmoderated posting privileges
_______________________________________________ Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/OpenSource-Dev Please read the policies before posting to keep unmoderated posting privileges
