[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug-wget] please remove SSLv3 from being used until explicitly specifie
From: |
Christoph Anton Mitterer |
Subject: |
[Bug-wget] please remove SSLv3 from being used until explicitly specified |
Date: |
Thu, 16 Oct 2014 14:03:43 +0200 |
Hi.
Could you please consider to remove SSLv3 (and if not done yet SSLv2 as
well) from being automatically used, while still leaving users the
choice to manually enable it (e.g. via --secure-protocol=SSLv2/3).
I think it would be a bad idea to expect that these insecure versions
are dropped from the SSL backend libs, since they may be retained for
debugging purposes or people may just use outdated cipher preference
list.
Also, it wget seems to have this --secure-protocol=PFS, which seems a
bit strange to me, since PFS is not a property of TLS/SSL itself but
rather the algorithms used.
Especially, when specifying --secure-protocol=PFS one shouldn't end up
with SSLv2/3 accidentally :)
Cheers,
Chris.
smime.p7s
Description: S/MIME cryptographic signature
- [Bug-wget] please remove SSLv3 from being used until explicitly specified,
Christoph Anton Mitterer <=
- Re: [Bug-wget] please remove SSLv3 from being used until explicitly specified, Tim Rühsen, 2014/10/16
- Re: [Bug-wget] please remove SSLv3 from being used until explicitly specified, Ángel González, 2014/10/16
- Re: [Bug-wget] please remove SSLv3 from being used until explicitly specified, Ángel González, 2014/10/16
- Re: [Bug-wget] please remove SSLv3 from being used until explicitly specified, Ángel González, 2014/10/16
- Re: [Bug-wget] please remove SSLv3 from being used until explicitly specified, Tim Rühsen, 2014/10/17
- Re: [Bug-wget] please remove SSLv3 from being used until explicitly specified, Ángel González, 2014/10/19
- Re: [Bug-wget] please remove SSLv3 from being used until explicitly specified, Tim Rühsen, 2014/10/19
- Re: [Bug-wget] please remove SSLv3 from being used until explicitly specified, Christoph Anton Mitterer, 2014/10/17
- Re: [Bug-wget] please remove SSLv3 from being used until explicitly specified, Tim Rühsen, 2014/10/17
- Re: [Bug-wget] please remove SSLv3 from being used until explicitly specified, Christoph Anton Mitterer, 2014/10/17