On Thu, 23 Oct 2014 20:00:08 +0200 Florian Weimer <f...@deneb.enyo.de> wrote:
> * Richard Stallman:
>
> > I've read that falling back to ssl3 is a real security hole,
> > being exploited frequently. That feature should be removed.
>
> GNUTLS automatically and securely upgrades to a TLS protocol if
> supported by the server. Dropping SSL 3.0 support altogether will
> only encourage unencrypted connections instead.

I disagree. It will encourage people to upgrade from a flawed protocol to one that works. Many people running servers are utterly unaware that there's anything wrong with what they're using right now -- if you leave in support forever, they'll never figure it out.

Perry
--
Perry E. Metzger pe...@piermont.com