Changes between Version 1 and Version 2 of Ticket #653, comment 4


Ignore:
Timestamp:
11/06/14 00:33:21 (10 years ago)
Author:
https://stackoverflow.com/users/573152/bernard-rosset

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #653, comment 4

    v1 v2  
    99Real-life aspects are being underlined, the most prominent one being that for a very large amout of standard nginx use cases, the clients will have at least support of TLS v1.0. Edgy cases with clients not supporting TLS are the exception.
    1010
     11On the mailing list, you even consider everything is OK because browsers are removing support of SSLv3... Why do not you guys do the same?
     12Browsers could still hide themselves behind the fact that some server applications require SSLv3 and they could also insist on backward-compatibility.
     13They are moving now, taking that opportunity. Mainly because XP is almost completely part of history. The guys who are still using it are not secured because they use outdated stuff. You cannot do anything for them from a security point of view: you said it yourself on the mailing list.
     14Why is not nginx taking that opportunity too?
     15
    1116SSLv3 is facing yet another classical Mexican stand-off in computer engineering:
    12171. Servers won't upgrade since some clients still need it