Thanks for writing in! We've got a fix for this that's going into the next 4.0.3 stable release, next week.
On 01/17/2015 09:09 AM, Maciej Soltysiak wrote: > Hi David, > > On Sat, Jan 17, 2015 at 5:52 PM, David W. Armstrong < > [email protected]> wrote: > >> Since from the comments, the intent of the code is to disable a setting of >> 0 for security.tls.version.min, it would seem good to check for the current >> setting and only change it to 1 if it is less than 1. That way the user can >> more easily choose to maintain a higher security setting. >> > As a user and someone who cares for this setting I would agree with you > that the intent to disable ssl3 shouldn't lower the bar for a user who set > it to more. +1 from me. > > This actually is something I've been thinking about for some time: how do > you ensure that nothing changes your carefully crafted settings? I mean, I > disable RC4 and DES ciphers. > > Best regards, > Maciej > > > > _______________________________________________ > HTTPS-Everywhere mailing list > [email protected] > https://lists.eff.org/mailman/listinfo/https-everywhere > _______________________________________________ HTTPS-Everywhere mailing list [email protected] https://lists.eff.org/mailman/listinfo/https-everywhere
