[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [mpop-users] SSLv3 option removed
Hi again,
On Wed, 15 Oct 2014 20:55:30 +0200, Martin Lambers wrote:
> When OpenSSL is used, SSLv3 is now disabled explicitly. For GnuTLS, a
> library update should take care of that soon.
With GnuTLS, you might want to use
tls_priorities NORMAL:-VERS-SSL3.0
or even better
tls_priorities PFS:-VERS-SSL3.0
to disable SSLv3 right now.
See http://gnutls.org/manual/html_node/Priority-Strings.html
Thinking of it, should we replace the current default priority string
"NORMAL" with "PFS"? Or even with "PFS:-VERS-SSL3.0"?
Regards,
Martin