I propose that we remove SSL 2.0 support from the NSS trunk (NSS 3.13). SSL 2.0 is an old and insecure protocol. No products should be using SSL 2.0 today. But removing the SSL 2.0 code from NSS has one major benefit to the continual development of NSS's SSL library: it'll make the code base easier to maintain.
Compared with the "mainstream" SSL 3.0/TLS 1.0 code in NSS, the SSL 2.0 code was written in a different style and worse, uses some data structures in a different way. This confuses people like me who are still learning our way around the code base but need to add new features. In addition, when we fix a bug, we always wonder if we should also fix the bug in the SSL 2.0 code path. As we add TLS 1.1 and TLS 1.2 code, it also makes sense to remove the SSL 2.0 code to reduce the code size. If no one objects, I will be happy to do the work. Wan-Teh -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto