Le jeudi 12 mars 2015 à 17:26 +0100, Vincent Lefevre a écrit : > But SSLv3-only clients are unsafe and already break with many sites. > It might still be useful for some intranets, that's why it may be > better to just change the config file for now, and I don't see any > problem with that. An admin can still revert the change in a config > file if need be.
In a perfect world, that would be the case. Nevertheless, trust me on this: numerous professionals are blocked by their IT to IE6, as sad as it sounds, and, because of this, it was only when POODLE became public that we dropped IE6 support. Even then, there were still some customers using it because their enterprise left them no choice, and, as IE6 have TLS disabled by default, some people just cannot do without SSLv3, because they can't get rid of IE6 users, and explaining to all of them how to enable TLS would be too complicated. -- David Guyot Administrateur système, réseau et télécom / Sysadmin Europe Camions Interactive / Stockway Moulin Collot F-88500 Ambacourt 03 29 30 47 85
signature.asc
Description: This is a digitally signed message part
