On 7 Jan. 2014, at 02:31, Matthew Wild <[email protected]> wrote:

> Also note that SSLv3 hasn't been shown to be any less secure than
> TLSv1 (in fact they are essentially the same), but TLSv1 is still very
> widely used. Therefore there is no security reason to disable SSLv3,
> unless you also plan to disable TLSv1 at the same time.

In general this is simply not true. There are many extensions to TLS 1.0 that are not defined for SSL 3. For example, OCSP stapling, SNI, and the curve indication for ECDHE. True, SNI and OCSP stapling won't have much effect on XMPP (I would like to know if there is an XMPP server that actually implements OCSP stapling!), but it could mean an active attacker is capable of forcing a client to not use forward secrecy, which would be bad.

It's also less of a concern if it is true that XMPP clients don't downgrade outside the TLS protocol. Sadly, Adium will try again with only SSL 3 when a MAC failure occurs during the handshake. I'm not happy with it, but it is necessary for some servers. I don't really know whether other clients have similar workarounds.

Thijs
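
What an SSL 3-only retry gives up on the wire, as an added example that is not part of the original message: a minimal ClientHello parser compares a TLS 1.0 hello with an SSL 3.0-only retry and lists the extensions that disappear. The sample records, the function names and the retry comparison are constructed for illustration; extension numbers 0, 5 and 10 are the IANA values for server_name (SNI), status_request (OCSP stapling) and supported_groups (the ECDHE curve list).

```python
import struct

# Extension numbers from the IANA TLS ExtensionType registry.
EXT_NAMES = {0: "server_name", 5: "status_request", 10: "supported_groups"}

def build_hello(version, extensions=()):
    """Build a minimal ClientHello record (constructed sample data only)."""
    body = bytes(version) + bytes(32) + b"\x00"       # version, random, empty session_id
    body += b"\x00\x02\x00\x2f" + b"\x01\x00"         # one cipher suite, null compression
    if extensions:
        blob = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
        body += struct.pack("!H", len(blob)) + blob
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + bytes(version) + struct.pack("!H", len(handshake)) + handshake

def parse_hello(record):
    """Return (offered_version, [extension names]) for one ClientHello record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    body = record[9:]                                  # skip record + handshake headers
    try:
        version = (body[0], body[1])
        pos = 2 + 32                                   # client_version + random
        pos += 1 + body[pos]                           # session_id
        pos += 2 + struct.unpack_from("!H", body, pos)[0]   # cipher_suites
        pos += 1 + body[pos]                           # compression_methods
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello")
    names = []
    if pos + 2 <= len(body):                           # extensions block is optional
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos + 4 <= min(end, len(body)):
            etype, elen = struct.unpack_from("!HH", body, pos)
            names.append(EXT_NAMES.get(etype, "type_%d" % etype))
            pos += 4 + elen
    return version, names

def lost_on_retry(first, retry):
    """Extensions offered in `first` that are missing from an SSL 3.0-only `retry`."""
    v1, e1 = parse_hello(first)
    v2, e2 = parse_hello(retry)
    if v1 > (3, 0) and v2 == (3, 0):
        return [name for name in e1 if name not in e2]
    return []

# Constructed samples: a TLS 1.0 hello with three extensions, then an SSL 3.0-only retry.
TLS10 = build_hello((3, 1), [(0, b"\x00\x0e\x00\x00\x0bexample.org"),
                             (5, b"\x01\x00\x00\x00\x00"), (10, b"\x00\x02\x00\x17")])
SSL3 = build_hello((3, 0))
```

A server operator could run the same comparison over two consecutive hellos from one client to see whether a failed handshake was followed by an SSL 3-only retry.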
