Nathan Mueller wrote: > > I am confused. How can we switch back to SSLv23_method and still be > > compatible with TLSv1_method. Does SSLv23_method support both? > > SSLv23 understands SSLv2, SSLv3 and TLSv1. When used in a client it uses > SSLv2 but tells the server it can understand the other ones too. Check > out the SSL_CTX_new manpage for a lot more details. > > > The SSL author didn't like SSLv23_method (especially SSLv2) and > > I am not > > confident to question his decision. We will just have to break > > backward > > compatibility with pre-7.3 clients. No one else has mentioned it as a > > problem, and in fact most have probably already upgraded to 7.3, so we > > should be OK. > > I agree, TLSv1 is a lot better but there's no point in breaking > backwords compatibility when you don't have to. Also, given my problems > with 7.3's SSL I'd be surprised if a lot of people who use it have made > the switch.
Well, we break backward compatibility so people can't use SSL2 to connect to the server. Backward compatibility to a broken protocol isn't what I would call secure. Is that accurate? -- Bruce Momjian | http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073 ---------------------------(end of broadcast)--------------------------- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
