httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <>
Subject Re: svn commit: r1705618 - /httpd/httpd/branches/2.4.x/STATUS
Date Mon, 28 Sep 2015 16:59:32 GMT
On Mon, Sep 28, 2015 at 12:33 PM, William A Rowe Jr <> wrote:
> By which we mean TTLv1.0/SSLv3 because there is so little technical
> difference between them.

I think there is enough difference to disable one by default and not
the other.  The final straw for SSLv3 was POODLE. But POODLE on TLS
1.0 was fixable/fixed. The qualsys TLS best practice doc
differentiates them, and the scanner dings you seriously for SSLv3 and
not at all for TLS1.0.   From my own support work, anecdotally,
commercial scan tools seem to treat things the same as qualsys.

Eric Covener

View raw message