[Operators] Removing SSLv3 from ejabberd 2.1.x and 13.x

Dave Cridland dave at cridland.net
Tue Jan 7 09:14:00 UTC 2014


On Tue, Jan 7, 2014 at 2:43 AM, Peter Saint-Andre <stpeter at stpeter.im>wrote:

> And do please note that several weeks ago I updated both the manifesto
> and draft-saintandre-xmpp-tls to no longer say that software MUST NOT
> negotiate sslv3.
>

Hopelessly wrong mailing list, but:

Might be worth clarifying that slightly to "MUST NOT negotiate as client
unless no other version is available; MAY accept as server in order to
allow for older implementations"? I think that's the sense we're intending,
isn't it?

(And yes, I appreciate that "MUST NOT ...  UNLESS" is the moral equivalent
of "SHOULD NOT").

Dave.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/operators/attachments/20140107/2358ebab/attachment-0001.html>


More information about the Operators mailing list