[Operators] Fwd: [jdev] TLS Everywhere

Kevin Smith kevin at kismith.co.uk
Mon Oct 28 08:40:10 UTC 2013


On Mon, Oct 28, 2013 at 8:37 AM, kdex <kdex at kdex.de> wrote:

> In response to your email subject: Does this include abandoning the
> 'legacy SSL' encryption option and finally switching over to TLS only? I'm
> not sure why we still have a choice there; isn't legacy SSL more unsecure?
>


"Legacy SSL" is just clients mislabelling the option. It just means doing
SSL/TLS unnegotiated instead of via STARTTLS. Clients should be preferring
newer TLS for that, just the same as STARTTLS..

So it's no less secure in and of itself, although if clients then do
XEP-0078 afterwards that's another matter..

/K
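An added illustration, not part of the thread or taken from any client: the two connection styles discussed above, both applying the same TLS policy, so the negotiated protocol version does not depend on which one is used. The function names, the TLS 1.2 floor and the default ports (5222 for STARTTLS, 5223 for direct TLS) are assumptions made for this example.

```python
import socket
import ssl
from xml.sax.saxutils import quoteattr

XMPP_TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"

def make_context():
    """One TLS policy used by both connection styles."""
    ctx = ssl.create_default_context()            # certificate + hostname checks on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # version floor chosen for this example
    return ctx

def read_until(sock, marker, limit=65536):
    """Read plaintext stream bytes until marker is seen, with a size bound."""
    buf = b""
    while marker not in buf:
        chunk = sock.recv(4096)
        if not chunk or len(buf) + len(chunk) > limit:
            raise ConnectionError("stream ended or grew too large before %r" % marker)
        buf += chunk
    return buf

def negotiate_starttls(sock, domain):
    """Plaintext half of STARTTLS: open the stream, ask for TLS, await <proceed/>."""
    header = ("<stream:stream to=%s version='1.0' xmlns='jabber:client' "
              "xmlns:stream='http://etherx.jabber.org/streams'>" % quoteattr(domain))
    sock.sendall(header.encode())
    features = read_until(sock, b"</stream:features>")
    if b"<starttls" not in features:
        raise ConnectionError("server did not offer STARTTLS")
    sock.sendall(("<starttls xmlns='%s'/>" % XMPP_TLS_NS).encode())
    if b"<proceed" not in read_until(sock, b"/>"):
        raise ConnectionError("server refused STARTTLS")
    return True

def connect_starttls(domain, host, port=5222):
    """Negotiated: plaintext stream first, then the TLS handshake."""
    sock = socket.create_connection((host, port), timeout=10)
    negotiate_starttls(sock, domain)
    return make_context().wrap_socket(sock, server_hostname=domain)

def connect_direct_tls(domain, host, port=5223):
    """Unnegotiated ("legacy SSL" in client UIs): TLS handshake from the first byte."""
    sock = socket.create_connection((host, port), timeout=10)
    return make_context().wrap_socket(sock, server_hostname=domain)
```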