trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Phil Sorber <sor...@apache.org>
Subject Re: Deprecation of SSL v2/3
Date Sat, 16 Apr 2016 16:46:19 GMT
Ok, here is my final plan then. I am going to mark them all deprecated for
6.2.x.

Then after branching I am going to remove all client <-> proxy support and
ifdef out proxy <-> origin support for SSLv3. SSLv2 will be totally gone.
Then add a configure option that reads something like
--enable-deprecated-sslv3-to-origin so you can re-enable it in the case
that you need it, but it's not even compiled in by default. We should also
leave the default as is and remove the config option from the default
config file so you have to track it down in the docs and read about how
unwise it is, etc etc.

Thanks.

On Tue, Apr 12, 2016 at 10:27 AM Yongming Zhao <ming.zym@gmail.com> wrote:

> +1
>
> nice to move forward
>
> - Yongming Zhao 赵永明
>
> > 在 2016年4月10日,下午8:42,Phil Sorber <sorber@apache.org> 写道:
> >
> > I'd like to propose that we deprecate SSLv2 and SSLv3 in ATS 6.2.0 and
> > remove it in 7.0.0.
> >
> > Currently our defaults do not enable them and have been that way for
> about
> > a year now. For 6.2.0 I'd like to mark them deprecated in the
> > documentation, and then we remove the code for 7.0.0. This will mean that
> > as of 7.0.0 you will not be able to enable SSLv2/3 even if your OpenSSL
> > library supports it.
> >
> > Appreciate any feedback.
> >
> > Thanks.
>
>

Mime
View raw message