On 10/30/2014 4:26 PM, Maxim Dounin wrote:
And there are various clients which don't support anything better, including IE6 on XP. [...] Talking about not updated versions from security point of view is mostly pointless, as there are multiple security problems fixed on a regular basis, and not updated means not secure.
Well, that's actually my point. Those old libraries and clients shouldn't be supported since they are, well, old. Like the old versions of the others.
Also note that SSLv3's RFC has status HISTORIC. The guys over at the IETF TLS list are talking about deprecating it, but some parties argue that the HISTORIC status is equivalent to deprecation.
Richard
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ nginx-devel mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx-devel
