On Sun, May 25, 2014 at 02:22:34PM +0200, Hanno B?ck wrote: > > Typically, leaving SSLv3 enabled is just fine if both ends support > > something stronger they'll negotiate that. > > That's not always true.
In a browser fallback (only relevant here if the OP is implementing an HTTP server) nothing stronger is advertised by the client. -- Viktor. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org