[TLS] Deprecating SSLv3
Martin Thomson <martin.thomson@gmail.com> Mon, 10 November 2014 23:17 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 5A2F41ACFE0 for <tls@ietfa.amsl.com>; Mon, 10 Nov 2014 15:17:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id WT3HU1eIFt-a for <tls@ietfa.amsl.com>; Mon, 10 Nov 2014 15:17:52 -0800 (PST)
Received: from mail-la0-x235.google.com (mail-la0-x235.google.com [IPv6:2a00:1450:4010:c03::235]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2C5AF1ACFD8 for <tls@ietf.org>; Mon, 10 Nov 2014 15:17:52 -0800 (PST)
Received: by mail-la0-f53.google.com with SMTP id mc6so8751606lab.12 for <tls@ietf.org>; Mon, 10 Nov 2014 15:17:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=bm1468IeZmYivk0LalIgWkEXEOX5Jd1NFoBQsfvBGmI=; b=sRdu20tg1IgOQcz4XTdOwIrZLxNS0aTxNUCnHy+HPbw28qbeyBdP79hxfxmSvxvndX wBVGvXTatlzqnvTwOt9GJitOoOluwpQMLFZKDLdCmcqJIdYs89da93m4dp1lbNzRzIkn Ln0LU/ZeQU9V5tbZthMTB//5lSVwfJuj9js999mZWPqttdc/FA+AzVprQPiw+3z65yx0 6h27BtQkpAYm18kXrJucNV2k8bxvOpqGYbRTwEKgxv7D5n5SwD7x3Pppms1wsrtZwPIi 2AoKKzeW6H+r1Y8ZpcVCJukIe0U6EmpjMYEnDuI4jEEl5TGizxPXlcZevrIp7Uvur971 nINQ==
MIME-Version: 1.0
X-Received: by with SMTP id l8mr32965191lae.43.1415661470442; Mon, 10 Nov 2014 15:17:50 -0800 (PST)
Received: by with HTTP; Mon, 10 Nov 2014 15:17:50 -0800 (PST)
Date: Mon, 10 Nov 2014 15:17:50 -0800
Message-ID: <CABkgnnWw9zsrqQzHVU0vXLJM+HBK3QYxJAZE+0kgGkEQEzwS=w@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/BwtRvCQ5reh7weXa8J_pfER6sLU
Subject: [TLS] Deprecating SSLv3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Nov 2014 23:17:54 -0000
(UTA on BCC) The POODLE attack has been used across the industry to justify disabling SSLv3. For some of us, this was just the excuse, but others might need more motivation. A statement from the IETF might help move some people. Richard, Alfredo, Adam and I have proposed such a statement: https://datatracker.ietf.org/doc/draft-thomson-sslv3-diediedie/
- [TLS] Deprecating SSLv3 Martin Thomson
- Re: [TLS] Deprecating SSLv3 Matt Caswell
- Re: [TLS] Deprecating SSLv3 Martin Thomson
- Re: [TLS] Deprecating SSLv3 Manuel Pégourié-Gonnard
- Re: [TLS] Deprecating SSLv3 Martin Thomson
- Re: [TLS] Deprecating SSLv3 Stephen Checkoway
- Re: [TLS] Deprecating SSLv3 Nikos Mavrogiannopoulos
- Re: [TLS] Deprecating SSLv3 Alfredo Pironti
- Re: [TLS] Deprecating SSLv3 Nikos Mavrogiannopoulos
- Re: [TLS] Deprecating SSLv3 Ronald del Rosario
- Re: [TLS] Deprecating SSLv3 Alfredo Pironti
- Re: [TLS] Deprecating SSLv3 Martin Thomson
- Re: [TLS] Deprecating SSLv3 Nikos Mavrogiannopoulos
- Re: [TLS] Deprecating SSLv3 Kurt Roeckx
- Re: [TLS] Deprecating SSLv3 Salz, Rich
- Re: [TLS] Deprecating SSLv3 Nikos Mavrogiannopoulos
- Re: [TLS] Deprecating SSLv3 Hubert Kario
- Re: [TLS] Deprecating SSLv3 Martin Rex
- Re: [TLS] Deprecating SSLv3 Hubert Kario
- Re: [TLS] Deprecating SSLv3 Martin Rex
- Re: [TLS] Deprecating SSLv3 Martin Rex
- Re: [TLS] Deprecating SSLv3 Kurt Roeckx
- Re: [TLS] Deprecating SSLv3 Hubert Kario
- Re: [TLS] Deprecating SSLv3 Hubert Kario
- Re: [TLS] Deprecating SSLv3 Manuel Pégourié-Gonnard
- Re: [TLS] Deprecating SSLv3 Watson Ladd
- Re: [TLS] Deprecating SSLv3 Nico Williams
- Re: [TLS] Deprecating SSLv3 Yoav Nir
- Re: [TLS] Deprecating SSLv3 Bill Frantz
- Re: [TLS] Deprecating SSLv3 Nico Williams
- Re: [TLS] Deprecating SSLv3 Henrick Hellström
- Re: [TLS] Deprecating SSLv3 Yuhong Bao
- Re: [TLS] Deprecating SSLv3 Hubert Kario
- Re: [TLS] Deprecating SSLv3 Martin Rex