Hello, Eric Christensen proposed removed SSL 3.0 from the DEFAULT crypto policy in F21, due to the POODLE attack. I experimented a bit, and noticed (again) that openssl cannot set the supported versions via a cipher string, and since NSS is still work in progress, it would actually mean that this setting would only apply to gnutls. Also Tomas Mraz noticed quite few mail clients that still use SSL 3.0 only, meaning SSL 3.0 is not completely dead yet and may cause compatibility issues for Fedora servers that use these strings. With that in mind, does it make sense to update the policies to remove SSL 3.0, or should we wait until F22? regards, Nikos -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
