Hanno Böck wrote:
> May I make a provocative enhancement proposal? Just remove SSLv3 altogether
> with it.
>
> The reasons are bugs like this:
> https://bugzilla.mozilla.org/show_bug.cgi?id=450280
>
> I think this is unfixable as long as one wants to support SSLv3 (see comment
> #15), though when using SNI, this is imho a rather serious issue.

Let's not mix in that discussion with the SSL 2.0 discussion. Removing SSL 3.0 support is clearly not realistic. Similar issues will arise when TLS 1.1 & 1.2 support is added.

I believe there are ways to make TLS version rollback safer in the short term while maintaining a high level of compatibility. For example, a mechanism similar to IE8's compatibility view list could be used to accelerate the rollback for known-bad sites, prevent rollback for slow-but-good sites, and maybe make longer timeouts for unknown websites more bearable.

A long term solution will involve creating better documentation for server administrators and better server software that makes it less likely that less experienced server administrators will configure their servers poorly due to naming confusion (e.g. thinking "SSL 3.0 > TLS 1.0 because 3.0 > 1.0"), compatibility worries, or performance concerns. For example, given [1], many server administrators will either enable SSL2 along with safer versions because that's Apache's default, and many will enable only SSLv3 because it says that is what most browsers support and TLS 1.0 "has been obsoleted."

[1] http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslprotocol

Regards,
Brian
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
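
The two server misconfigurations described in the message above, next to a setting that avoids both, as an added example that is not part of the original message. It assumes Apache 2.2 mod_ssl and uses only the `SSLProtocol` values documented at [1] (`SSLv2`, `SSLv3`, `TLSv1`, `All`).

```apache
# Added illustration for Apache 2.2 mod_ssl (assumption: a single server or
# virtual host context, where only one SSLProtocol line should be active).

# Weak (1): the 2.2 default. "all" includes SSLv2, so SSL 2.0 stays enabled
# alongside SSLv3 and TLSv1.
#SSLProtocol all

# Weak (2): the naming-confusion case ("3.0 > 1.0"). Only SSL 3.0 is offered,
# so a client that supports TLS 1.0 is forced down to the older protocol.
#SSLProtocol SSLv3

# Corrected: start from "all" and subtract SSL 2.0, leaving SSLv3 and TLSv1.
# SSLv3 stays available for older clients; TLS 1.0 is negotiated when the
# client supports it.
SSLProtocol all -SSLv2
```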