[jdev] manifesto 0.4

Dave Cridland dave at cridland.net
Thu Nov 7 11:16:08 UTC 2013


On Wed, Nov 6, 2013 at 8:02 PM, Alexander Holler <holler at ahsoftware.de>wrote:

> Not exactly the same, but I don't like the part
>
> "or require cipher suites that enable forward secrecy"
>
> for the same reason. OpenSSL 1.x isn't around that long, and there are
> still many systems which do use e.g. Debian squeeze. And I assume the
> state of OpenSSL on other "stable" systems like e.g. SLES or RHEL isn't
> much better (but that's just an assumption from me).
>

I hate to say it, but... If the TLS implementation you're using in
production isn't sufficient, then trying to change what "sufficient" means
is probably not the right approach.

Dave.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20131107/ea6f470a/attachment.html>


More information about the JDev mailing list