Hi Stephen, xemacs-beta,
On Sat, Nov 22, 2014 at 6:03 AM, Stephen J. Turnbull <stephen(a)xemacs.org> wrote:
Johann 'Myrkraverk' Oskarsson writes:
> I'm sure you're all aware of the recent security flaws exposed with SSL3.
> Therefore I have to ask, should we disable SSL2 and SSL3 support in ssl.el?
My own opinion is that any security measure that interrupts the
browsing likely to get disabled, and we really should find better ways
to address these issues.
Then why don't you make an informed decision?
In Chrome, SSL3 will be disabled in version 39, and gone completely in
40, according to this:
Firefox will disable SSL3 by default starting with version 34; see
Apple released security update to Safari; see
Opera as of version 25 has countermeasures; see
Some websites that already don't speak ssl3:
And neither does my bank.
SSL3 is almost 18 years old, and the world is moving on. Why do you
want to hold ssl.el back?
In the end, I really don't care if you want a patch or not; I can do
this for myself.
XEmacs-Beta mailing list