Re: sslv2 and openssl 1.0

To: debian-devel@lists.debian.org
Subject: Re: sslv2 and openssl 1.0
From: Simon McVittie <smcv@debian.org>
Date: Sun, 3 Apr 2011 12:06:25 +0100
Message-id: <[🔎] 20110403110625.GA4333@reptile.pseudorandom.co.uk>
In-reply-to: <[🔎] 4D97C4C1.7040202@melix.org>
References: <[🔎] 4D97C4C1.7040202@melix.org>

On Sun, 03 Apr 2011 at 02:52:17 +0200, Jérémy Lal wrote:
>    People might complain about old sslv2 clients in case the
>    packaged software is a server (telepathy-*, web servers)

For the record, the various Telepathy daemons typically act as SSL clients
(where their various protocols support SSL at all), rather than SSL servers;
for instance, telepathy-gabble not supporting SSLv2 would only be a problem
if connecting to a SSLv2-only XMPP server.

Current work on end-to-end encryption is likely to involve tunnelling TLS
through IM protocols, but I'd expect that to be TLS 1.0 rather than anything
older.

    S

Reply to:

Follow-Ups:
- Re: sslv2 and openssl 1.0
  - From: Salvo Tomaselli <tiposchi@tiscali.it>

References:
- sslv2 and openssl 1.0
  - From: Jérémy Lal <kapouer@melix.org>

Prev by Date: Re: network-manager as default? No! (was: Bits from the Release Team - Kicking off Wheezy)
Next by Date: Re: network-manager as default? No! (was: Bits from the Release Team - Kicking off Wheezy)
Previous by thread: Re: sslv2 and openssl 1.0
Next by thread: Re: sslv2 and openssl 1.0
Index(es):
- Date
- Thread