[gnutls-devel] GnuTLS | Outdated information on SSL 3.0 in documentation (#1068)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Sun Aug 16 16:09:22 CEST 2020



gandaro created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1068



In the documentation, in Chapter 3.8 "On SSL 2 and older protocols", it says (highlighted by me):

> [...] the SSL 3.0 protocol was implemented since it is still the only protocol supported by several servers and **there are no serious security vulnerabilities known.**

The first half of the sentence is probably false nowadays, and the statement regarding the security of SSL 3.0 should surely be removed.

Maybe the chapter could be replaced by a short paragraph explaining that SSL 2.0 and 3.0 have been deprecated and that 3.0 support is planned to be dropped entirely from GnuTLS in the future. Maybe the elaborate information on SSL 2.0 is also not needed anymore.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1068
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200816/9ef5d73f/attachment.html>


More information about the Gnutls-devel mailing list