Re: 7.3.1 stamped
From | Bruce Momjian |
---|---|
Subject | Re: 7.3.1 stamped |
Date | |
Msg-id | 200212180429.gBI4TAM08655@candle.pha.pa.us |
In reply to | Re: 7.3.1 stamped (Nathan Mueller <nmueller@cs.wisc.edu>) |
List | pgsql-hackers |
Nathan Mueller wrote:
> > I am confused. How can we switch back to SSLv23_method and still be
> > compatible with TLSv1_method. Does SSLv23_method support both?
>
> SSLv23 understands SSLv2, SSLv3 and TLSv1. When used in a client it uses
> SSLv2 but tells the server it can understand the other ones too. Check
> out the SSL_CTX_new manpage for a lot more details.
>
> > The SSL author didn't like SSLv23_method (especially SSLv2) and
> > I am not
> > confident to question his decision. We will just have to break
> > backward
> > compatibility with pre-7.3 clients. No one else has mentioned it as a
> > problem, and in fact most have probably already upgraded to 7.3, so we
> > should be OK.
>
> I agree, TLSv1 is a lot better but there's no point in breaking
> backwards compatibility when you don't have to. Also, given my problems
> with 7.3's SSL I'd be surprised if a lot of people who use it have made
> the switch.

Well, we break backward compatibility so people can't use SSL2 to
connect to the server. Backward compatibility to a broken protocol
isn't what I would call secure. Is that accurate?

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
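Added example, not part of the original message or of PostgreSQL's code: a small Python classifier for the first bytes a client sends, showing the difference the thread turns on between an SSLv2-framed hello that offers TLSv1 and one that offers only SSLv2. The sample byte strings are constructed, and `classify_client_hello` and `server_accepts` are hypothetical names for a policy sketch.

```python
# Wire version numbers (major, minor) for the protocols named in the thread.
VERSIONS = {(0, 2): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLSv1"}

def classify_client_hello(data: bytes) -> dict:
    """Report the framing of a ClientHello and the highest version it offers."""
    if len(data) < 5:
        raise ValueError("too short to be a ClientHello")
    # SSLv2 framing: 2-byte header with the high bit set, message type 1
    # (CLIENT-HELLO), then the 2-byte version the client is offering.
    if data[0] & 0x80 and data[2] == 0x01:
        framing, version = "SSLv2", (data[3], data[4])
    # SSLv3/TLS framing: record type 22 (handshake), record version, 2-byte
    # length, handshake type 1, 3-byte length, then client_version.
    elif data[0] == 0x16 and data[1] == 3:
        if len(data) < 11 or data[5] != 0x01:
            raise ValueError("handshake record is not a ClientHello")
        framing, version = "SSLv3/TLS", (data[9], data[10])
    else:
        raise ValueError("not an SSL/TLS ClientHello")
    return {"framing": framing,
            "offers": VERSIONS.get(version, "unknown"),
            "sslv2_only": version == (0, 2)}

def server_accepts(hello: dict, v2_framing_ok: bool) -> bool:
    """Hypothetical policy: never negotiate SSLv2; optionally tolerate the
    SSLv2-framed hello that a version-flexible client sends."""
    if hello["sslv2_only"]:
        return False
    return hello["framing"] != "SSLv2" or v2_framing_ok

# Constructed: SSLv2-framed hello from a version-flexible client, offering TLSv1.
COMPAT_HELLO = bytes.fromhex("801c01" "0301" "0003" "0000" "0010" "00000a") + bytes(16)
# Constructed: SSLv2-framed hello offering only SSLv2.
V2_ONLY_HELLO = bytes.fromhex("801c01" "0002" "0003" "0000" "0010" "010080") + bytes(16)
# Constructed: TLSv1 record carrying a ClientHello.
TLS1_HELLO = (bytes.fromhex("160301002d" "01000029" "0301") + bytes(32)
              + bytes.fromhex("00" "0002000a" "0100"))

if __name__ == "__main__":
    samples = [("compat", COMPAT_HELLO), ("v2-only", V2_ONLY_HELLO), ("tls1", TLS1_HELLO)]
    for name, raw in samples:
        info = classify_client_hello(raw)
        print(name, info, "strict:", server_accepts(info, False),
              "tolerant:", server_accepts(info, True))
```

With `v2_framing_ok=True` the policy keeps clients that send the compatibility hello while still refusing any negotiation that would end at SSLv2; with `False` only SSLv3/TLS-framed hellos get through.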