On Fri, Mar 18, 2016 at 08:31:36AM -0600, Bob Beck wrote: > > But it officially requires support for IPP version 1.0, which used > > SSLv3. > > I assume that there are printers, perhaps many were sold, which did use > > version 1.0. That version used SSLv3 for encrypted communication. Which > > is now gone. > > Almost certainly. > > > > > How should we deal with this problem? > > Here's a nickel kid - buy a better printer? >
That makes sense. Any big operation is going to be replacing printers regularly due to hwavy use. Any small operation probably won't have much in the way of security needs. I don't know much about OpenSSL, "nice" to know that crap is still buildable for those "special" needs. Chris > Seriously. we just won't be conformant. These protocols are designed > by industry consortiums who want to sell product at lowest cost, not > care about security. If you seriously must have insecure stuff, > well, that's why OpenSSL still exists, you can always build with that.