As discussed, https://github.com/apache/trafficserver/pull/589
On Sat, Apr 16, 2016 at 10:46 AM Phil Sorber <sor...@apache.org> wrote: > Ok, here is my final plan then. I am going to mark them all deprecated for > 6.2.x. > > Then after branching I am going to remove all client <-> proxy support and > ifdef out proxy <-> origin support for SSLv3. SSLv2 will be totally gone. > Then add a configure option that reads something like > --enable-deprecated-sslv3-to-origin so you can re-enable it in the case > that you need it, but it's not even compiled in by default. We should also > leave the default as is and remove the config option from the default > config file so you have to track it down in the docs and read about how > unwise it is, etc etc. > > Thanks. > > On Tue, Apr 12, 2016 at 10:27 AM Yongming Zhao <ming....@gmail.com> wrote: > >> +1 >> >> nice to move forward >> >> - Yongming Zhao 赵永明 >> >> > 在 2016年4月10日,下午8:42,Phil Sorber <sor...@apache.org> 写道: >> > >> > I'd like to propose that we deprecate SSLv2 and SSLv3 in ATS 6.2.0 and >> > remove it in 7.0.0. >> > >> > Currently our defaults do not enable them and have been that way for >> about >> > a year now. For 6.2.0 I'd like to mark them deprecated in the >> > documentation, and then we remove the code for 7.0.0. This will mean >> that >> > as of 7.0.0 you will not be able to enable SSLv2/3 even if your OpenSSL >> > library supports it. >> > >> > Appreciate any feedback. >> > >> > Thanks. >> >>
