[Development] QSsl: finer-grained protocol selection
Thiago Macieira
thiago.macieira at intel.com
Sat Dec 27 13:48:14 CET 2014
On Saturday 27 December 2014 10:52:41 Richard Moore wrote:
> Hmm, if you set TLS 1.0 you really need to only negotiate TLS 1.0. If not
> then if you're connecting to old servers the TLS extensions will lead the
> connection to hang. Perhaps what we want is a minimum and maximum version
> (though this doesn't map very well to the underlying openssl API).
Why? Let's assume we're this is 2014 today and that any non-broken server has
been upgraded to support TLSv1, since SSLv3 is now known to be not as secure.
Is the connection hanging still a problem? And even if it is, isn't that an
OpenSSL problem, not ours?
--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel Open Source Technology Center
More information about the Development
mailing list