Hey all,
By now, you've probably heard about the POODLE attacks on SSLv3, and our
decision to disable SSLv3 by default in Firefox 34 [1]. Several people have
proposed that we also make this change in Firefox ESR 31.
So I wanted to propose that we also disable SSLv3 by default in ESR 31 at
On Thu, 2014-10-16 at 10:31 -0700, Richard Barnes wrote:
By now, you've probably heard about the POODLE attacks on SSLv3, and
our decision to disable SSLv3 by default in Firefox 34 [1]. Several
people have proposed that we also make this change in Firefox ESR 31.
So I wanted to propose
* Richard Barnes:
If there are any objections or comments on that proposal, please
raise them in this thread.
A lot of this has already been hashed out on the IETF TLS WG mailing
list, with a slightly different perspective.
Why is disabling SSL 3.0 acceptable, but getting rid of the broken
On Thu, 2014-10-16 at 20:27 +0200, Florian Weimer wrote:
A lot of this has already been hashed out on the IETF TLS WG mailing
list, with a slightly different perspective.
Why is disabling SSL 3.0 acceptable, but getting rid of the broken
fallback which will keep endangering users for a long
On Thu, 16 Oct 2014 20:27:24 +0200
Florian Weimer f...@deneb.enyo.de wrote:
* Richard Barnes:
If there are any objections or comments on that proposal, please
raise them in this thread.
A lot of this has already been hashed out on the IETF TLS WG mailing
list, with a slightly different
* Reed Loden:
On Thu, 16 Oct 2014 20:27:24 +0200
Florian Weimer f...@deneb.enyo.de wrote:
* Richard Barnes:
If there are any objections or comments on that proposal, please
raise them in this thread.
A lot of this has already been hashed out on the IETF TLS WG mailing
list, with a
On Monday, April 7, 2014 6:33:50 PM UTC-4, Kathleen Wilson wrote:
All,
We have been working on a new certificate verification library for
Gecko, and would greatly appreciate it if you will test this new library
and review the new code.
Background
NSS currently has two
Florian,
On 10/16/2014 12:50, Florian Weimer wrote:
Neither. I'm talking about the out-of-protocol insecure version
negotiation for TLS implemented in Firefox. That's a broader scope
than bug 689814, which is strictly about fallback to SSL 3.0.
+1
This fallback needs to get removed,
8 matches
Mail list logo