-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/06/2014 06:31 PM, Matthew Wild wrote:
> Also note that SSLv3 hasn't been shown to be any less secure than > TLSv1 (in fact they are essentially the same), but TLSv1 is still > very widely used. Therefore there is no security reason to disable > SSLv3, unless you also plan to disable TLSv1 at the same time. And do please note that several weeks ago I updated both the manifesto and draft-saintandre-xmpp-tls to no longer say that software MUST NOT negotiate sslv3. Peter -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSy2npAAoJEOoGpJErxa2pwlcP/jJFQSCTqJX1/mC5FxspMR04 QqLKJzjySdRT3BAcCL4k899HppCxlRkLhR6ShpCNBIRgMOt9ebfME2UneIJE3tV8 tpt9mnfQXjChjlweh1B/DY2X71yjz8RHqIjB2FLY4nJUDcLQcuVRwHumy/sstici 5KolYH4QPYAMFIwHQC1zoqoD0y+cgCeuw8a6Iry8b3ET1xcG93LRezSm5QQJY2Kk EuNUoAb0rlSUPNdkmgxbVzFASLz49O08FqTaZ+iH6BcFjeg5V7om4arB6LhahHum 1OkhV3/RP+5mBSqlwQ+7dD4nKWoB9F22hlDaFKNPj1bkLp4Fr27BlEqMpWiJZ8LC P0hq65DpLAzuotVREzrjW/+/Uuu39XFe+ztTEGcp7doLVoAjV3KDq1HDW6fkp7QU +ZPpzw0PFCmuf6do6iGswtC8wRRQJkuKWhFLFKaODJXFuQNxURA7oerBs9mqYD7a LfHhF2W/rsl9/eTwC7CstpLtuZ4S3fk1in6y+mAbb8novMBrzFOPSxeHdGsftIz6 WCvlvx+90ZYmC8vC3hKze9hmM4XLPcTxeJktJ1E5dPA9/PzLtu6UtieFxl9SYS0e aHKOlGqUu8iOJomWtL/lXVGd0PIdXg5cYF6WeZvtnMcxNO1rok1AVGLNf0N7sAwf 9zAmjry06SVqSIr24moA =2dd2 -----END PGP SIGNATURE-----