On Tue, 20 Dec 2011 21:06:28 +0100, Eric Rescorla <[email protected]> wrote:
On Tue, Dec 20, 2011 at 9:36 AM, Anne van Kesteren <[email protected]>
wrote:
Surely this should be patched in the base
specification rather than in every API that interacts with it. I do not
want to make the life of the guy implementing XMLHttpRequest more
difficult if the problem is supposed to be addressed at the TLS layer
anyway.
The problem was addressed at the TLS layer 5 years ago when we issued
TLS 1.1.
If support for the old version cannot be removed it does not seem to me
that the problem is actually addressed as far as user agents that have to
support legacy servers are concerned.
--
Anne van Kesteren
http://annevankesteren.nl/
