[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] SSL Poodle attack
From: |
Petr Pisar |
Subject: |
Re: [Bug-wget] SSL Poodle attack |
Date: |
Wed, 15 Oct 2014 13:45:18 +0200 |
User-agent: |
Mutt/1.5.23 (2014-03-12) |
On Wed, Oct 15, 2014 at 11:57:47AM +0200, Tim Rühsen wrote:
> (means, the libraries defaults are used, whatever that is).
>
> Should we break compatibility and map 'auto' to TLSv1 ?
> For the security of the users.
Please no. Instead of changing each TLS program, one should patch only the TLS
library. This is the reason why why have shared libraries.
So just report the issue to your vendor, he will fix few TSL implementations
he delivers and all application will get fixed automatically.
-- Petr
pgpH4L6JmoDKX.pgp
Description: PGP signature