OpenSSL - Allow SSLv2 or SSLv3?


#1

It seems there are issues with SU and using SSL from the Ruby API.

Briefly, SSL has two main connection protocols, TLS and SSL. Everyone still uses the phrase SSL, but the SSL protocols are no longer considered secure. I haven’t checked recently, but I believe most current browsers have the SSL protocols disabled by default. Also, many web servers no longer use SSL protocols.

If one wants to connect to an https server from the net std-libs, protocols are not a concern, as the most secure protocol is used (assuming they are not reconfigured).

I think SSLv2 and SSLv3 should be disabled in the Ruby API.

  • Question - For those of you needing https or secure connections in your plugins, do you have need for OpenSSL in SU Ruby to support SSLv2 or SSLv3?

If so, please state why. Thank you.


#2

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.