On 08/27/2010 03:46 PM, Wan-Teh Chang wrote:
> I propose that we remove SSL 2.0 support from the NSS
> trunk (NSS 3.13).
>
> SSL 2.0 is an old and insecure protocol. No products
> should be using SSL 2.0 today. But removing the SSL
> 2.0 code from NSS has one major benefit to the continual
> development of NSS's SSL library: it'll make the code
> base easier to maintain.
>

As much as I'd like to get rid of SSL 2.0, I'm a little leery of removing it, particularly if it is a requirement for servers. I don't have the option of staying on old versions of NSS for servers and new ones for clients.

> Compared with the "mainstream" SSL 3.0/TLS 1.0 code
> in NSS, the SSL 2.0 code was written in a different style
> and worse, uses some data structures in a different way.
> This confuses people like me who are still learning our
> way around the code base but need to add new features.
> In addition, when we fix a bug, we always wonder if we
> should also fix the bug in the SSL 2.0 code path.
>
> As we add TLS 1.1 and TLS 1.2 code, it also makes
> sense to remove the SSL 2.0 code to reduce the code
> size.
>
> If no one objects, I will be happy to do the work.
>

Consider this a token objection.

> Wan-Teh
>
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto