[gnutls-devel] disabling SSL 3.0 by default in 3.4.0
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Oct 15 22:00:17 CEST 2014
On 10/15/2014 09:25 AM, Nikos Mavrogiannopoulos wrote:
> Given the new and old attacks known for SSL 3.0, would it make sense
> to disable SSL 3.0 in the default priority strings?
Yes, i think so. We could add SSL 3.0 into the %COMPAT%
pseudo-priority, but other than that, i don't think we should be
supporting SSLv3.0 by default any more.
--dkg
PS i find i often need to refer to the full GnuTLS documentation when
i'm trying to cook up a new priority string. Sometimes, i'm configuring
a machine that has a different version of GnuTLS than i have on my local
machine (where i have the full documentation installed). Is the priority
string specification available in any of the manpages or as something
that one of the tools could emit by default? (e.g. "gnutls-cli
--help-priority") That would make it much easier in the future to know
how to craft a string that would interoperate with the version of gnutls
i'm testing with.