[Operators] Removing SSLv3 from ejabberd 2.1.x and 13.x

Peter Saint-Andre stpeter at stpeter.im
Tue Jan 7 02:43:53 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/06/2014 06:31 PM, Matthew Wild wrote:

> Also note that SSLv3 hasn't been shown to be any less secure than 
> TLSv1 (in fact they are essentially the same), but TLSv1 is still
> very widely used. Therefore there is no security reason to disable
> SSLv3, unless you also plan to disable TLSv1 at the same time.

And do please note that several weeks ago I updated both the manifesto
and draft-saintandre-xmpp-tls to no longer say that software MUST NOT
negotiate sslv3.

Peter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJSy2npAAoJEOoGpJErxa2pwlcP/jJFQSCTqJX1/mC5FxspMR04
QqLKJzjySdRT3BAcCL4k899HppCxlRkLhR6ShpCNBIRgMOt9ebfME2UneIJE3tV8
tpt9mnfQXjChjlweh1B/DY2X71yjz8RHqIjB2FLY4nJUDcLQcuVRwHumy/sstici
5KolYH4QPYAMFIwHQC1zoqoD0y+cgCeuw8a6Iry8b3ET1xcG93LRezSm5QQJY2Kk
EuNUoAb0rlSUPNdkmgxbVzFASLz49O08FqTaZ+iH6BcFjeg5V7om4arB6LhahHum
1OkhV3/RP+5mBSqlwQ+7dD4nKWoB9F22hlDaFKNPj1bkLp4Fr27BlEqMpWiJZ8LC
P0hq65DpLAzuotVREzrjW/+/Uuu39XFe+ztTEGcp7doLVoAjV3KDq1HDW6fkp7QU
+ZPpzw0PFCmuf6do6iGswtC8wRRQJkuKWhFLFKaODJXFuQNxURA7oerBs9mqYD7a
LfHhF2W/rsl9/eTwC7CstpLtuZ4S3fk1in6y+mAbb8novMBrzFOPSxeHdGsftIz6
WCvlvx+90ZYmC8vC3hKze9hmM4XLPcTxeJktJ1E5dPA9/PzLtu6UtieFxl9SYS0e
aHKOlGqUu8iOJomWtL/lXVGd0PIdXg5cYF6WeZvtnMcxNO1rok1AVGLNf0N7sAwf
9zAmjry06SVqSIr24moA
=2dd2
-----END PGP SIGNATURE-----


More information about the Operators mailing list