[gnutls-devel] disabling SSL 3.0 by default in 3.4.0
Andreas Metzler
ametzler at bebt.de
Wed Nov 19 19:45:32 CET 2014
On 2014-10-15 Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
> Given the new and old attacks known for SSL 3.0, would it make sense
> to disable SSL 3.0 in the default priority strings?
Hello,
FWIW I have been asked to disable SSL 3.0 by default for GnuTLS in
Debian. <https://bugs.debian.org/769904> The main point being that it
brings consistency across implementations, OpenSSL in Debian is built
without SSLv3 since mid of October.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
More information about the Gnutls-devel
mailing list