[Info-vax] OpenSSL CSWS-2.2-1
Phillip Helbig undress to reply
helbig at asclothestro.multivax.de
Wed Jun 5 12:02:07 EDT 2019

In article <qd7kb1$95k$1 at dont-email.me>, Dave Froble
<davef at tsoft-inc.com> writes:
> You're missing the point. If a significant part of some company's
> business is with a trading partner who will not upgrade their SSL
> capabilities, and you have no way to get them to change, then, you do
> what you have to do to stay in business.

Indeed. While I understand the purpose of both encryption and
authentication, many SSL implementations will refuse to connect if the
offered ciphers are deemed to be insecure, rather than having an option
(more common in web browsers) saying: "there is a problem, but if you
know what you are doing, you can continue". Without that option, SSL is
a non-starter if the other side is "too old", which is why some people
still run telnet. Even if the cypher is not up to date, it is still
better than no encryption, and at least there is authentication.