Re: Proposal to remove SSL 2.0 support from NSS trunk (NSS 3.13)

(This is a repost. I posted this message earlier today, but it seems not to have gone out. Please let me know if you get two copies.) On 2010-09-07 06:20 PDT, Konstantin Andreev wrote: On 08/31/10 05:01, Nelson B Bolyard wrote: On 2010/08/30 17:32 PDT, Wan-Teh Chang wrote: I propose that we

Re[8]: Proposal to remove SSL 2.0 support from NSS trunk (NSS 3.13)

On 08/31/10 05:01, Nelson B Bolyard wrote: On 2010/08/30 17:32 PDT, Wan-Teh Chang wrote: I propose that we remove SSL 2.0 support from the NSS trunk (NSS 3.13). [... skip ...] It's something I wanted to do for YEARS, but for as long as I was employed to work on NSS, I was told that

Re: Proposal to remove SSL 2.0 support from NSS trunk (NSS 3.13)

On 2010-09-07 06:20 PDT, Konstantin Andreev wrote: On 08/31/10 05:01, Nelson B Bolyard wrote: On 2010/08/30 17:32 PDT, Wan-Teh Chang wrote: I propose that we remove SSL 2.0 support from the NSS trunk (NSS 3.13). [... skip ...] It's something I wanted to do for YEARS, but for as long as I

Re: Proposal to remove SSL 2.0 support from NSS trunk (NSS 3.13)

On 08/27/2010 03:46 PM, Wan-Teh Chang wrote: I propose that we remove SSL 2.0 support from the NSS trunk (NSS 3.13). SSL 2.0 is an old and insecure protocol. No products should be using SSL 2.0 today. But removing the SSL 2.0 code from NSS has one major benefit to the continual

Re: Proposal to remove SSL 2.0 support from NSS trunk (NSS 3.13)

On 09/01/2010 07:52 PM, Robert Relyea wrote: On 08/27/2010 03:46 PM, Wan-Teh Chang wrote: I propose that we remove SSL 2.0 support from the NSS trunk (NSS 3.13). SSL 2.0 is an old and insecure protocol. No products should be using SSL 2.0 today. That should be sufficient reason to remove

Re: Proposal to remove SSL 2.0 support from NSS trunk (NSS 3.13)

Am Samstag 28 August 2010 schrieb Wan-Teh Chang: SSL 2.0 is an old and insecure protocol. No products should be using SSL 2.0 today. But removing the SSL 2.0 code from NSS has one major benefit to the continual development of NSS's SSL library: it'll make the code base easier to maintain.

RE: Proposal to remove SSL 2.0 support from NSS trunk (NSS 3.13)

Hanno Böck wrote: May I make a provocative enhancement proposal? Just remove SSLv3 altogether with it. The reason are bugs like this: https://bugzilla.mozilla.org/show_bug.cgi?id=450280 I think this is unfixable as long as one wants to support SSLv3 (see comment #15), though when using

Re: Proposal to remove SSL 2.0 support from NSS trunk (NSS 3.13)

On Mon, Aug 30, 2010 at 8:12 AM, Brian Smith br...@briansmith.org wrote: Wan-Teh Chang wrote: I propose that we remove SSL 2.0 support from the NSS trunk (NSS 3.13). Would this include support for SSLv2-v3 upgrade hellos? I forgot to talk about this issue. We'll need to keep the server-side

Re: Proposal to remove SSL 2.0 support from NSS trunk (NSS 3.13)

On 2010/08/30 17:32 PDT, Wan-Teh Chang wrote: On Mon, Aug 30, 2010 at 8:12 AM, Brian Smith br...@briansmith.org wrote: Wan-Teh Chang wrote: I propose that we remove SSL 2.0 support from the NSS trunk (NSS 3.13). The entire gather logic, by which incoming records are received, could be

Proposal to remove SSL 2.0 support from NSS trunk (NSS 3.13)

I propose that we remove SSL 2.0 support from the NSS trunk (NSS 3.13). SSL 2.0 is an old and insecure protocol. No products should be using SSL 2.0 today. But removing the SSL 2.0 code from NSS has one major benefit to the continual development of NSS's SSL library: it'll make the code base