https://bugs.kde.org/show_bug.cgi?id=342567
--- Comment #10 from Teemu Torma <[email protected]> --- I might add that disabling SSLv3 from auto negotiation has really nothing to do with it being the only protocol available. The problem is that man-in-the-middle can cause the auto negotiation to fail. Even if both server and client support TLSv1.2, man-in-the-middle can signal client that protocol is not supported, thus client tries lower protocol versions until the connection with SSLv3 succeeds and is vulnerable to POODLE attack. -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ Kdepim-bugs mailing list [email protected] https://mail.kde.org/mailman/listinfo/kdepim-bugs
