Bill Janssen wrote:
> Here's the updated connection table:
>
>          SSL2   SSL3   SS23   TLS1
> SSL2     yes    no     yes    no
> SSL3     yes    yes    yes    no
> SSL23    yes    no     yes    no
> TLS1     no     no     yes    yes
>
> Given this, I think the client-side default should be changed from
> SSLv23 to SSLv3, and the server-side default should be SSLv23.

I believe you are correct. I did some experiments with this a while ago after hitting problems connecting to some SSL servers although I can't remember the exact results now.

More importantly, what you recommend is what Twisted does and I'd believe them more than me any time ;-). See Twisted's DefaultOpenSSLContextFactory [1] for the server side and ClientContextFactory [2] for the client side.

Cheers, Matt

[1] DefaultOpenSSLContextFactory, http://twistedmatrix.com/trac/browser/trunk/twisted/internet/ssl.py#L67
[2] ClientContextFactory, http://twistedmatrix.com/trac/browser/trunk/twisted/internet/ssl.py#L102

--
Matt Goodall, Pollenation Internet Ltd
Technology House, 237 Lidgett Lane, Leeds LS17 6QR
Registered No 4382123
A member of the Brunswick MCL Group of Companies
w: http://www.pollenation.net/
e: matt at pollenation.net
t: +44 113 2252500