Re: Removing SSL 3.0/Poodle from Martin Thomson on 2014-10-21 (ietf-http-wg@w3.org from October to December 2014)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 20 Oct 2014 23:53:00 -0700
To: Jim Manico <jim@manico.net>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CABkgnnWr0d8YWL=_pf=qG1806Ddvir0FG3_fuS8hzFtGjPePMw@mail.gmail.com>

On 20 October 2014 23:22, Jim Manico <jim@manico.net> wrote:
> Now that SSL 3.0 is dead due to POODLE, is there any chance it can be removed from the HTTP2 spec? It's security theatre at best right now.

It's already gone.  As is TLS 1.0 and 1.1.

Received on Tuesday, 21 October 2014 06:53:28 UTC