Hi,

2014-10-16 10:34 GMT+02:00 Neil - HAProxy List < [email protected]>:

> I'd go further. Sslv3 is an obsolete protocol does anyone disagree with
> that?
>
> For a start make no-sslv3 the default and have an enable-obsolete-sslv3
> option.
> Or better make enabling it a compile time option.
>
> Or maybe just get rid of it altogether?
>

I do not agree. Backward compatibility is really important for software like HAProxy. So if you start disabling this feature, it would lead to tons of bug reports.

Moreover, I do not agree that disabling Sslv3 is absolutely necessary. There are still plenty of websites around that must keep support for WinXP+IE6. Even Google did not deactivate sslv3 on their server (they are using a mitigating solution instead).

In my own opinion, being able to deactivate it on defaults section might help, but don't change default behaviour.

Olivier

