trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Phil Sorber <sor...@apache.org>
Subject Re: Deprecation of SSL v2/3
Date Wed, 20 Apr 2016 21:25:28 GMT
As discussed,

https://github.com/apache/trafficserver/pull/589

On Sat, Apr 16, 2016 at 10:46 AM Phil Sorber <sorber@apache.org> wrote:

> Ok, here is my final plan then. I am going to mark them all deprecated for
> 6.2.x.
>
> Then after branching I am going to remove all client <-> proxy support and
> ifdef out proxy <-> origin support for SSLv3. SSLv2 will be totally gone.
> Then add a configure option that reads something like
> --enable-deprecated-sslv3-to-origin so you can re-enable it in the case
> that you need it, but it's not even compiled in by default. We should also
> leave the default as is and remove the config option from the default
> config file so you have to track it down in the docs and read about how
> unwise it is, etc etc.
>
> Thanks.
>
> On Tue, Apr 12, 2016 at 10:27 AM Yongming Zhao <ming.zym@gmail.com> wrote:
>
>> +1
>>
>> nice to move forward
>>
>> - Yongming Zhao 赵永明
>>
>> > 在 2016年4月10日,下午8:42,Phil Sorber <sorber@apache.org> 写道:
>> >
>> > I'd like to propose that we deprecate SSLv2 and SSLv3 in ATS 6.2.0 and
>> > remove it in 7.0.0.
>> >
>> > Currently our defaults do not enable them and have been that way for
>> about
>> > a year now. For 6.2.0 I'd like to mark them deprecated in the
>> > documentation, and then we remove the code for 7.0.0. This will mean
>> that
>> > as of 7.0.0 you will not be able to enable SSLv2/3 even if your OpenSSL
>> > library supports it.
>> >
>> > Appreciate any feedback.
>> >
>> > Thanks.
>>
>>

Mime
View raw message