cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: SSLv3 fallback attack POODLE

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Fri, 24 Oct 2014 13:44:59 +0200 (CEST)

On Fri, 24 Oct 2014, Kamil Dudka wrote:

> Is the plan to disable SSL 3.0 by default still valid?
>
> Are we going to make the change before the upcoming release?

Yes I think we should, if possible.

> Should I unimplement the fallback to SSL 3.0 in the NSS backend now, or wait
> till Ray's patch appears upstream?

I'm digging up Ray's patch just now and I've pushed it!

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

Received on 2014-10-24

This message: [ Message body ]
Next message: Daniel Karunairatnam: "Re: SFTP problems"
Previous message: Kamil Dudka: "Re: SSLv3 fallback attack POODLE"
In reply to: Kamil Dudka: "Re: SSLv3 fallback attack POODLE"
Next in thread: Ray Satiro: "Re: SSLv3 fallback attack POODLE"
Reply: Ray Satiro: "Re: SSLv3 fallback attack POODLE"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]