On Friday, 2 December 2016 16:12:05 CET Salz, Rich wrote: > > Here's a useful and effective meme for convincing bosses that it's ok to > > turn off SSLv3: all known versions of SSL are broken and should never be > > used. Please do not break this meme by trying to rename TLS to SSL. > > Is "all known versions before SSL 4" that much worse?
given: 1. we have people that need support for SSLv3 and SSLv2 style Client Hello messages (The Web is not the only place where SSL/TLS is deployed), let alone TLS 1.0 2. TLS 1.2 is not broken (so the statement is demonstrably false) yes, it is much worse -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
