trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Uri Shachar <ushac...@hotmail.com>
Subject Re: Deprecation of SSL v2/3
Date Mon, 11 Apr 2016 00:57:43 GMT
> On Apr 10, 2016, at 7:42 AM, Phil Sorber <sorber@apache.org> wrote:
> 
> I'd like to propose that we deprecate SSLv2 and SSLv3 in ATS 6.2.0 and
> remove it in 7.0.0.
> 
> Currently our defaults do not enable them and have been that way for about
> a year now. For 6.2.0 I'd like to mark them deprecated in the
> documentation, and then we remove the code for 7.0.0. This will mean that
> as of 7.0.0 you will not be able to enable SSLv2/3 even if your OpenSSL
> library supports it.

+1 to disabling for client <-> proxy connections.
Completely disabling for proxy <-> origin is somewhat problematic for the forward proxy
use case -- there are still some lingering SSLv3 servers out there, especially inside LANs....

                          Cheers,
                                     Uri
Mime
View raw message