[Operators] Removing SSLv3 from ejabberd 2.1.x and 13.x
dave at cridland.net
Tue Jan 7 09:14:00 UTC 2014
On Tue, Jan 7, 2014 at 2:43 AM, Peter Saint-Andre <stpeter at stpeter.im>wrote:
> And do please note that several weeks ago I updated both the manifesto
> and draft-saintandre-xmpp-tls to no longer say that software MUST NOT
> negotiate sslv3.
Hopelessly wrong mailing list, but:
Might be worth clarifying that slightly to "MUST NOT negotiate as client
unless no other version is available; MAY accept as server in order to
allow for older implementations"? I think that's the sense we're intending,
(And yes, I appreciate that "MUST NOT ... UNLESS" is the moral equivalent
of "SHOULD NOT").
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Operators