On Thu, 23 Oct 2014 20:00:08 +0200 Florian Weimer <f...@deneb.enyo.de>
wrote:
> * Richard Stallman:
> 
> > I've read that falling back to ssl3 is a real security hole,
> > being exploited frequently.  That feature should be removed.
> 
> GNUTLS automatically and securely upgrades to a TLS protocol if
> supported by the server.  Dropping SSL 3.0 support altogether will
> only encourage unencrypted connections instead.

I disagree. It will encourage people to upgrade from a flawed
protocol to one that works. Many people running servers are utterly
unaware that there's anything wrong with what they're using right now
-- if you leave in support forever, they'll never figure it out.

Perry
-- 
Perry E. Metzger                pe...@piermont.com

