On Wed, Oct 15, 2014 at 11:57:47AM +0200, Tim Rühsen wrote: > (means, the libraries defaults are used, whatever that is). > > Should we break compatibility and map 'auto' to TLSv1 ? > For the security of the users.
Please no. Instead of changing each TLS program, one should patch only the TLS library. This is the reason why why have shared libraries. So just report the issue to your vendor, he will fix few TSL implementations he delivers and all application will get fixed automatically. -- Petr
Description: PGP signature