You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
tinkercad.com was seeing 10%-15% of our users fail to connect to our https servers due
to the browser using SSL 3.0 instead of TLS 1.0. agl speculates that this might occur
both due to misconfigurations and due to browser automatically downgrading from TLS 1.0
to SSL 3.0.
For sites running https a recommendation would be to monitor any http/https transitions
to try to verify how much of their population is running into this issue.
As per offline discussion, please file this bug against agl to track adding SSL 3.0
support to crypto/tls.
The text was updated successfully, but these errors were encountered:
It would be nice not to have to support this since all the clients
that we care about support TLSv1 by now. However, due to buggy
implementations of SSLv3 on the Internet which can't do version
negotiation correctly, browsers will sometimes switch to SSLv3. Since
there's no good way for a browser tell a network problem from a buggy
server, this downgrade can occur even if the server in question is
actually working correctly.
So we need to support SSLv3 for robustness :(
Fixesgolang#1703.
R=bradfitz
CC=golang-dev
https://golang.org/cl/5018045
This issue was closed.
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
by kai@tinkercad.com:
The text was updated successfully, but these errors were encountered: