+1 2016年4月11日(月) 9:57 Uri Shachar <ushac...@hotmail.com>:
> > On Apr 10, 2016, at 7:42 AM, Phil Sorber <sor...@apache.org> wrote: > > > > I'd like to propose that we deprecate SSLv2 and SSLv3 in ATS 6.2.0 and > > remove it in 7.0.0. > > > > Currently our defaults do not enable them and have been that way for > about > > a year now. For 6.2.0 I'd like to mark them deprecated in the > > documentation, and then we remove the code for 7.0.0. This will mean that > > as of 7.0.0 you will not be able to enable SSLv2/3 even if your OpenSSL > > library supports it. > > +1 to disabling for client <-> proxy connections. > Completely disabling for proxy <-> origin is somewhat problematic for the > forward proxy use case -- there are still some lingering SSLv3 servers out > there, especially inside LANs.... > > Cheers, > Uri
