Re: 7.3.1 stamped

From Bruce Momjian
Subject Re: 7.3.1 stamped
Date
Msg-id 200212180429.gBI4TAM08655@candle.pha.pa.us
In response to Re: 7.3.1 stamped  (Nathan Mueller <nmueller@cs.wisc.edu>)
List pgsql-hackers
Nathan Mueller wrote:
> > I am confused. How can we switch back to SSLv23_method and still be
> > compatible with TLSv1_method. Does SSLv23_method support both?
> 
> SSLv23 understands SSLv2, SSLv3 and TLSv1. When used in a client it uses
> SSLv2 but tells the server it can understand the other ones too. Check
> out the SSL_CTX_new manpage for a lot more details.
> 
> > The SSL author didn't like SSLv23_method (especially SSLv2) and
> > I am not confident to question his decision. We will just have to
> > break backward compatibility with pre-7.3 clients. No one else has
> > mentioned it as a problem, and in fact most have probably already
> > upgraded to 7.3, so we should be OK.
> 
> I agree, TLSv1 is a lot better but there's no point in breaking
> backwards compatibility when you don't have to. Also, given my problems
> with 7.3's SSL I'd be surprised if a lot of people who use it have made
> the switch.

Well, we break backward compatibility so people can't use SSL2 to
connect to the server.  Backward compatibility to a broken protocol
isn't what I would call secure.  Is that accurate?

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
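
The distinction discussed in this message, as an added example that is not part of the thread or of PostgreSQL's code: a version-flexible client (SSLv23_method) sends an SSLv2-format hello that advertises TLSv1, which a TLSv1-only server does not understand, while a version-flexible server can accept that hello and still refuse clients that offer nothing above SSLv2. `classify_hello`, `server_accepts` and the sample byte prefixes are constructed for illustration and only model the policy; they are not OpenSSL calls.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    int v2_framing;    /* 1 = SSLv2-format CLIENT-HELLO, 0 = SSLv3/TLS record */
    unsigned offered;  /* highest version offered: 0x0002, 0x0300, 0x0301 */
} hello_info;

/* Classify the first bytes a client sends; -1 if not a ClientHello. */
int classify_hello(const uint8_t *b, size_t n, hello_info *out)
{
    /* SSLv2 framing: 2-byte length with high bit set, msg type 1, version. */
    if (n >= 5 && (b[0] & 0x80) && b[2] == 0x01) {
        out->v2_framing = 1;
        out->offered = ((unsigned)b[3] << 8) | b[4];
        return 0;
    }
    /* SSLv3/TLS: record 0x16 + version + length, handshake type 1 + length, client_version. */
    if (n >= 11 && b[0] == 0x16 && b[1] == 0x03 && b[5] == 0x01) {
        out->v2_framing = 0;
        out->offered = ((unsigned)b[9] << 8) | b[10];
        return 0;
    }
    return -1;
}

/* Hypothetical server policy (a model of the two choices, not an OpenSSL call). */
int server_accepts(const hello_info *h, int allow_v2_framing, unsigned min_ver)
{
    if (h->v2_framing && !allow_v2_framing) return 0;
    return h->offered >= min_ver;
}

/* Constructed 11-byte hello prefixes (not captured traffic). */
const uint8_t V23_CLIENT[]  = {0x80,0x2e,0x01,0x03,0x01,0x00,0x15,0x00,0x00,0x00,0x10};
const uint8_t V2_ONLY[]     = {0x80,0x2e,0x01,0x00,0x02,0x00,0x15,0x00,0x00,0x00,0x10};
const uint8_t TLS1_CLIENT[] = {0x16,0x03,0x01,0x00,0x2d,0x01,0x00,0x00,0x29,0x03,0x01};
int main(void)
{
    const uint8_t *s[] = {V23_CLIENT, V2_ONLY, TLS1_CLIENT};
    for (int i = 0; i < 3; i++) {
        hello_info h;
        if (classify_hello(s[i], 11, &h) != 0) continue;
        printf("v2=%d offered=0x%04x tls1_only=%d flexible=%d\n", h.v2_framing,
               h.offered, server_accepts(&h, 0, 0x0301), server_accepts(&h, 1, 0x0300));
    }
    return 0;
}
```

The `tls1_only` column models a TLSv1-only server and the `flexible` column a version-flexible server with SSLv2 refused; only the second still serves the v2-framed hello that offers TLSv1.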
 

