On 10/07/2013 12:01 PM, Kurt Roeckx wrote: > On Mon, Oct 07, 2013 at 11:17:46AM -0700, Brian Smith wrote: >> On Fri, Oct 4, 2013 at 6:52 PM, Ludovic Hirlimann >> <ludovic+n...@mozilla.com> wrote: >>> Hi, >>> >>> AFAIK NSS still contains code for SSL2 , but no product uses it. SSL2 >>> has been turned off at least 2 years ago. By removing SSL2 code we get : >>> >>> Smaller librarie >>> faster compile time + test time >>> >>> What do you guys think ? >> Hi Ludovic, >> >> I do think it is time to remove SSL 2.0 support from libssl. > I'm all for removing SSL 2.0 support. > > OpenSSL still supports SSL 2.0, but the default cipher list > doesn't include any ciphers that can be used with SSL 2.0 and > so thus disabling the use of SSL 2.0 by default. I assume the > same goes for NSS.
SSL2 has been turned off by default for a while. You can't support SSL 3/TLS extensions with it on. > > In Debian I decided to build openssl since 1.0.0 without SSL 2.0 > support, I didn't receive any negative feedback from that. At > that point it didn't support TLS 1.1 or 1.2 yet since that only > got added in 1.0.1. But the 1.0.0 version wasn't part of any > release. > > > Kurt >
smime.p7s
Description: S/MIME Cryptographic Signature
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
