Re: Deprecation of SSL v2/3

2016-04-20 Thread Phil Sorber
As discussed, https://github.com/apache/trafficserver/pull/589 On Sat, Apr 16, 2016 at 10:46 AM Phil Sorber wrote: > Ok, here is my final plan then. I am going to mark them all deprecated for > 6.2.x. > > Then after branching I am going to remove all client <-> proxy support and > ifdef out pro

Re: Deprecation of SSL v2/3

2016-04-16 Thread Phil Sorber
Ok, here is my final plan then. I am going to mark them all deprecated for 6.2.x. Then after branching I am going to remove all client <-> proxy support and ifdef out proxy <-> origin support for SSLv3. SSLv2 will be totally gone. Then add a configure option that reads something like --enable-depr

Re: Deprecation of SSL v2/3

2016-04-12 Thread Yongming Zhao
+1 nice to move forward - Yongming Zhao 赵永明 > On April 10, 2016, at 8:42 PM, Phil Sorber wrote: > > I'd like to propose that we deprecate SSLv2 and SSLv3 in ATS 6.2.0 and > remove it in 7.0.0. > > Currently our defaults do not enable them and have been that way for about > a year now. For 6.2.0 I'd like to

Re: Deprecation of SSL v2/3

2016-04-12 Thread Dave Thompson
SSLv2 has been deprecated for 20 years. No browser supports it. MACs are based on long-dead MD5 and SHA1. Handshakes are not protected from MITM corruption, cipher downgrades, or padding attacks. The ciphers are weak, some now considered merely obfuscation. And now with DROWN, whole comp

Re: Deprecation of SSL v2/3

2016-04-12 Thread Sudheer Vinukonda
+1 On Tuesday, April 12, 2016 7:56 AM, Steven R. Feltner wrote: +1 > -Original Message- > From: Phil Sorber [mailto:sor...@apache.org] > Sent: Sunday, April 10, 2016 8:43 AM > To: dev@trafficserver.apache.org; us...@trafficserver.apache.org > Subject: Deprecat

RE: Deprecation of SSL v2/3

2016-04-12 Thread Steven R. Feltner
+1 > -Original Message- > From: Phil Sorber [mailto:sor...@apache.org] > Sent: Sunday, April 10, 2016 8:43 AM > To: dev@trafficserver.apache.org; us...@trafficserver.apache.org > Subject: Deprecation of SSL v2/3 > > I'd like to propose that we deprecate SSLv2

Re: Deprecation of SSL v2/3

2016-04-11 Thread xuchao
+1 to disable for client <-> proxy but please keep SSLv2/v3 for proxy <-> origin. I'm implementing a man-in-the-middle SSL forward proxy with ATS. Sent from my iPhone On April 11, 2016, at 08:57, Uri Shachar wrote: >> On Apr 10, 2016, at 7:42 AM, Phil Sorber wrote: >> >> I'd like to propose that we deprecate SSLv2

Re: Deprecation of SSL v2/3

2016-04-11 Thread Dave Thompson
+1 The consequences from DROWN (CVE-2016-0800 and CVE-2016-0703) are too severe on the whole shared cert infrastructure from just one machine being accidentally configured to allow SSLv2. I filed this ticket: https://issues.apache.org/jira/browse/TS-4247 On Sunday, April 10, 2016 8:33

Re: Deprecation of SSL v2/3

2016-04-10 Thread Masaori Koshiba
+1 On Mon, Apr 11, 2016 at 9:57, Uri Shachar wrote: > > On Apr 10, 2016, at 7:42 AM, Phil Sorber wrote: > > > > I'd like to propose that we deprecate SSLv2 and SSLv3 in ATS 6.2.0 and > > remove it in 7.0.0. > > > > Currently our defaults do not enable them and have been that way for > about > > a year now. For

Re: Deprecation of SSL v2/3

2016-04-10 Thread Uri Shachar
> On Apr 10, 2016, at 7:42 AM, Phil Sorber wrote: > > I'd like to propose that we deprecate SSLv2 and SSLv3 in ATS 6.2.0 and > remove it in 7.0.0. > > Currently our defaults do not enable them and have been that way for about > a year now. For 6.2.0 I'd like to mark them deprecated in the > docu

Re: Deprecation of SSL v2/3

2016-04-10 Thread Igor Galić
+1 -- Igor Galić Tel: +43 (0) 664 886 22 883 Mail: i.ga...@brainsware.org URL: https://brainsware.org/ GPG: 8716 7A9F 989B ABD5 100F  4008 F266 55D6 2998 1641 On Sun, 10 Apr 2016, at 14:42, Phil Sorber wrote: > I'd like to propose that we deprecate SSLv2 and SSLv3 in ATS 6.2.0 and > remove

Re: Deprecation of SSL v2/3

2016-04-10 Thread Theo Schlossnagle
+1 > On Apr 10, 2016, at 8:42 AM, Phil Sorber wrote: > > I'd like to propose that we deprecate SSLv2 and SSLv3 in ATS 6.2.0 and > remove it in 7.0.0. > > Currently our defaults do not enable them and have been that way for about > a year now. For 6.2.0 I'd like to mark them deprecated in the >

Re: Deprecation of SSL v2/3

2016-04-10 Thread Leif Hedstrom
> On Apr 10, 2016, at 7:42 AM, Phil Sorber wrote: > > I'd like to propose that we deprecate SSLv2 and SSLv3 in ATS 6.2.0 and > remove it in 7.0.0. > > Currently our defaults do not enable them and have been that way for about > a year now. For 6.2.0 I'd like to mark them deprecated in the > doc

Deprecation of SSL v2/3

2016-04-10 Thread Phil Sorber
I'd like to propose that we deprecate SSLv2 and SSLv3 in ATS 6.2.0 and remove it in 7.0.0. Currently our defaults do not enable them and have been that way for about a year now. For 6.2.0 I'd like to mark them deprecated in the documentation, and then we remove the code for 7.0.0. This will mean t