[Pkg-ace-devel] Fwd: [Bug 3958] debian doesn't ship sslv2 anymore
Thomas Girard
thomas.g.girard at free.fr
Tue May 24 18:50:53 UTC 2011
Hello,
On 24/05/2011 20:47, Pau Garcia i Quiles wrote:
> After a few hours on this last weekend, I think my initial solution is
> the right one but only because it preserves the same odd approach ACE
> has: send junk, get SSLv3.
Ok. Then let's upload it.
> Defaulting to anything else (i.e. not establishing SSLv3 connection)
> would be safer but would also break upstream's default behavior. In
> fact, IMHO the "SSLv3 by default" behavior may even lead to DoS
> attacks by exhaustion of resources on the server side :-/ Maybe I
> should open a bug report asking to change this default?
I believe commenting on [1] should do.
Thanks,
Thomas
[1] http://bugzilla.dre.vanderbilt.edu/show_bug.cgi?id=3958