On Wed, Nov 6, 2013 at 8:02 PM, Alexander Holler <[email protected]>wrote:
> Not exactly the same, but I don't like the part > > "or require cipher suites that enable forward secrecy" > > for the same reason. OpenSSL 1.x isn't around that long, and there are > still many systems which do use e.g. Debian squeeze. And I assume the > state of OpenSSL on other "stable" systems like e.g. SLES or RHEL isn't > much better (but that's just an assumption from me). > I hate to say it, but... If the TLS implementation you're using in production isn't sufficient, then trying to change what "sufficient" means is probably not the right approach. Dave.
_______________________________________________ JDev mailing list Info: http://mail.jabber.org/mailman/listinfo/jdev Unsubscribe: [email protected] _______________________________________________
