[openssl-users] About no-ssl2
Salz, Rich
rsalz at akamai.com
Thu Mar 17 00:41:47 UTC 2016
>The problem is the concept itself since it will require every app to have coded into it when a given feature was removed should it attempt to support it when present.
Yes.
It dates back to the very early days (when SSLeay was developed on clay tablets), when the default was "get it all" and specific define's were used to turn off small specific things.
In the 20 years since then, the world has moved to "safe by default" which is different.
Oh well.
More information about the openssl-users
mailing list