We really, really, really mean it this time: take SSL3 and bury it.
That's the message from the home of all things Internet the Internet Engineering Task Force, which has issued the “take it behind the shed” edict in this RFC.
It's actually only formalising what the IETF and industry already knew: SSLv3 is ancient and insecure, and is the source of problems like BEAST and POODLE.
Major vendors have been expunging the buggy kludge from their code since last year, but RFC 7568 makes killing it off official IETF policy.
It had already signalled its intent in May, and the new document should only affect the handful of terminally-dozy...
Leggi il seguito »