Bruce Momjian wrote:
There are some weaknesses in SSLv2 that were fixed in SSLv3, but it takes a knowledgeable attacker to exploit them. Anyone who is seriously concerned can easily change the startup code in both client and server and migrate to TLSv1. We kept the current approach solely for backward compatibilty.Marc G. Fournier wrote:My suggestion would be to eventually phase out ssl2 in favor of ssl3 or tls. And, as we are phasing it out, make it an opt-in thing, where the dba has to turn on ssl2 KNOWING he is turning on a flawed protocol.That was sort of my point --- if we allow SSLv2 in the server, are we open to any security problems? Maybe not. I just don't know.
Bear
---------------------------(end of broadcast)---------------------------
TIP 2: you can get off all lists at once with the unregister command
(send "unregister YourEmailAddressHere" to [EMAIL PROTECTED])
