On Mon, Oct 28, 2013 at 8:37 AM, kdex <[email protected]> wrote:
> In response to your email subject: Does this include abandoning the
> 'legacy SSL' encryption option and finally switching over to TLS only? I'm
> not sure why we still have a choice there; isn't legacy SSL more unsecure?
>

"Legacy SSL" is just clients mislabelling the option. It just means doing SSL/TLS unnegotiated instead of via STARTTLS. Clients should be preferring newer TLS for that, just the same as STARTTLS. So it's no less secure in and of itself, although if clients then do XEP-0078 afterwards that's another matter.

/K

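The distinction drawn in the reply above, as an added example that is not part of the original thread: both connection modes end in the same TLS handshake under the same client policy, and STARTTLS only adds a plaintext upgrade step first. The function names, the TLS 1.2 floor and the conventional ports 5223 (direct TLS) and 5222 (STARTTLS) are assumptions made for illustration.

```python
import socket
import ssl

XMPP_TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"  # STARTTLS namespace (RFC 6120)

def make_context(min_version=ssl.TLSVersion.TLSv1_2):
    """One TLS policy for both modes; the TLS 1.2 floor is an assumption."""
    ctx = ssl.create_default_context()  # certificate and hostname checks on
    ctx.minimum_version = min_version
    return ctx

def read_until(sock, marker):
    """Read from the socket until marker has been seen; fail if it closes."""
    buf = b""
    while marker not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("stream closed early")
        buf += chunk
    return buf

def request_starttls(sock, domain):
    """Plaintext step that only STARTTLS has: ask for TLS, wait for <proceed/>."""
    sock.sendall(f"<stream:stream to='{domain}' version='1.0' "
                 "xmlns='jabber:client' "
                 "xmlns:stream='http://etherx.jabber.org/streams'>".encode())
    features = read_until(sock, b"</stream:features>")
    if XMPP_TLS_NS.encode() not in features:
        raise ConnectionError("server does not offer STARTTLS; refusing plaintext")
    sock.sendall(f"<starttls xmlns='{XMPP_TLS_NS}'/>".encode())
    reply = read_until(sock, b"/>")
    if not reply.lstrip().startswith(b"<proceed"):
        raise ConnectionError("STARTTLS refused")
    return True

def connect_direct_tls(host, domain, port=5223, ctx=None):
    """'Legacy SSL': the TLS handshake is the first thing on the wire."""
    raw = socket.create_connection((host, port), timeout=10)
    return (ctx or make_context()).wrap_socket(raw, server_hostname=domain)

def connect_starttls(host, domain, port=5222, ctx=None):
    """STARTTLS: same handshake and policy, after the plaintext upgrade."""
    raw = socket.create_connection((host, port), timeout=10)
    request_starttls(raw, domain)
    return (ctx or make_context()).wrap_socket(raw, server_hostname=domain)
```

The protocol version and certificate checks come from `make_context()` in both paths; the STARTTLS path differs only in that the client must refuse to continue when the upgrade is not offered or not granted.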