Hi David, On Sat, Jan 17, 2015 at 5:52 PM, David W. Armstrong < [email protected]> wrote:
> Since from the comments, the intent of the code is to disable a setting of > 0 for security.tls.version.min, it would seem good to check for the current > setting and only change it to 1 if it is less than 1. That way the user can > more easily choose to maintain a higher security setting. > As a user and someone who cares for this setting I would agree with you that the intent to disable ssl3 shouldn't lower the bar for a user who set it to more. +1 from me. This actually is something I've been thinking about for some time: how do you ensure that nothing changes your carefully crafted settings? I mean, I disable RC4 and DES ciphers. Best regards, Maciej
_______________________________________________ HTTPS-Everywhere mailing list [email protected] https://lists.eff.org/mailman/listinfo/https-everywhere
