trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Masaori Koshiba <masa...@apache.org>
Subject Re: Deprecation of SSL v2/3
Date Mon, 11 Apr 2016 01:31:49 GMT
+1

2016年4月11日(月) 9:57 Uri Shachar <ushachar@hotmail.com>:

> > On Apr 10, 2016, at 7:42 AM, Phil Sorber <sorber@apache.org> wrote:
> >
> > I'd like to propose that we deprecate SSLv2 and SSLv3 in ATS 6.2.0 and
> > remove it in 7.0.0.
> >
> > Currently our defaults do not enable them and have been that way for
> about
> > a year now. For 6.2.0 I'd like to mark them deprecated in the
> > documentation, and then we remove the code for 7.0.0. This will mean that
> > as of 7.0.0 you will not be able to enable SSLv2/3 even if your OpenSSL
> > library supports it.
>
> +1 to disabling for client <-> proxy connections.
> Completely disabling for proxy <-> origin is somewhat problematic for the
> forward proxy use case -- there are still some lingering SSLv3 servers out
> there, especially inside LANs....
>
>                           Cheers,
>                                      Uri

Mime
View raw message