[gnutls-devel] disabling SSL 3.0 by default in 3.4.0

Andreas Metzler ametzler at bebt.de
Wed Nov 19 19:45:32 CET 2014


On 2014-10-15 Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
>  Given the new and old attacks known for SSL 3.0, would it make sense
> to disable SSL 3.0 in the default priority strings?

Hello,

FWIW I have been asked to disable SSL 3.0 by default for GnuTLS in
Debian. <https://bugs.debian.org/769904> The main point being that it
brings consistency across implementations, OpenSSL in Debian is built
without SSLv3 since mid of October.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



More information about the Gnutls-devel mailing list