Am Samstag 28 August 2010 schrieb Wan-Teh Chang: > SSL 2.0 is an old and insecure protocol. No products > should be using SSL 2.0 today. But removing the SSL > 2.0 code from NSS has one major benefit to the continual > development of NSS's SSL library: it'll make the code > base easier to maintain.
May I make a provocative enhancement proposal? Just remove SSLv3 altogether with it. The reason are bugs like this: https://bugzilla.mozilla.org/show_bug.cgi?id=450280 I think this is unfixable as long as one wants to support SSLv3 (see comment #15), though when using SNI, this is imho a rather serious issue. -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail: ha...@hboeck.de http://schokokeks.org - professional webhosting
signature.asc
Description: This is a digitally signed message part.
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
