[gnutls-devel] disabling SSL 3.0 by default in 3.4.0

Tim Rühsen tim.ruehsen at gmx.de
Wed Oct 15 21:22:12 CEST 2014


On Wednesday, 15 October 2014, 15:25:34, Nikos Mavrogiannopoulos wrote:
> Hello,
>  Given the new and old attacks known for SSL 3.0, would it make sense
> to disable SSL 3.0 in the default priority strings?
> 

Wget, for example, uses the GnuTLS default settings as its default.
Changing the default priority strings in GnuTLS gives the security benefit to 
Wget without changing Wget's code. That is a good reason to use the default 
settings of GnuTLS (or other libraries) in clients.

Some scenarios might break ... but since we all want to move away from SSLv3 
towards TLS (the sooner the better), it seems to me to be a good choice to 
change the default priority strings.

Just my opinion.

Tim