On Sun, May 25, 2014 at 02:22:34PM +0200, Hanno B?ck wrote:
> > Typically, leaving SSLv3 enabled is just fine if both ends support
> > something stronger they'll negotiate that.
>
> That's not always true.
In a browser fallback (only relevant here if the OP is implementing
an HTTP server) nothing stronger is advertised by the client.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
