mån 2011-01-24 klockan 01:52 +0000 skrev Amos Jeffries:
> Which brings up a point of whether its worth and possible to drop SSLv2
> from the defaults?
> Making SSLv3-only or TLSv1-only the default from Squid-3.2 onwards.
>
> I believe this patch should do it.
These two are somewhat misgiving. SSLv23 means negotiated version
controlled by the flags, doing automatic upgrade to highest version
supported.
default:
- debugs(83, 5, "Using SSLv2/SSLv3.");
+ debugs(83, 5, "Using SSLv3/TLSv1.");
method = SSLv23_server_method();
default:
- debugs(83, 5, "Using SSLv2/SSLv3.");
+ debugs(83, 5, "Using SSLv3/TLSv1.");
method = SSLv23_client_method();
break;
Also may need a new flag for enabling SSLv2 support again.
Regards
Henrik
Received on Mon Jan 24 2011 - 20:59:57 MST
This archive was generated by hypermail 2.2.0 : Tue Jan 25 2011 - 12:00:05 MST