[Operators] SSLv3 is out.

Mathias Ertl mati at fsinf.at
Wed Oct 15 13:13:29 UTC 2014


On Wed, Oct 15, 2014 at 10:59:02AM +0200, Christoph Gebhardt wrote:
> Quoting Jonas Wielicki (2014-10-15 09:47:23)
> > I’m not confident that this attack is (like BEAST and CRIME) relevant
> > for XMPP.
> But is SSLv3 relevant in the XMPP world?
> In the web world this is a problem with ancient Internet Explorers on
> Windows XP machines, everything else supports TLS, at least according
> to ssllabs.com.
> Does anyone know of any XMPP client that needs the server to offer SSLv3?

This is of course anecdotal evidence, but jabber.at had SSLv3 deaktivated
for several months. We haven't received any complaints so far, even though
we posted on our website to contact us if anyone had problems connecting.

greetings, Mati

I only read plain text mail! I prefer pgp|gpg signed & encrypted mails!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://mail.jabber.org/pipermail/operators/attachments/20141015/485680ad/attachment.sig>

More information about the Operators mailing list