Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/tls: Add SSL 3.0 support #1703

Closed
gopherbot opened this issue Apr 14, 2011 · 2 comments
Closed

crypto/tls: Add SSL 3.0 support #1703

gopherbot opened this issue Apr 14, 2011 · 2 comments
Labels
FrozenDueToAge Security

Comments

@gopherbot
Copy link

by kai@tinkercad.com:

tinkercad.com was seeing 10%-15% of our users fail to connect to our https servers due
to the browser using SSL 3.0 instead of TLS 1.0. agl speculates that this might occur
both due to misconfigurations and due to browser automatically downgrading from TLS 1.0
to SSL 3.0.

For sites running https a recommendation would be to monitor any http/https transitions
to try to verify how much of their population is running into this issue.

As per offline discussion, please file this bug against agl to track adding SSL 3.0
support to crypto/tls.
@robpike
Copy link
Contributor

robpike commented Apr 14, 2011

Comment 1:

Labels changed: added packagechange, security.

Owner changed to @agl.

Status changed to Accepted.

@agl
Copy link
Contributor

agl commented Sep 14, 2011

Comment 2:

This issue was closed by revision a775fbf.

Status changed to Fixed.

@mikioh mikioh changed the title Add SSL 3.0 support to crypto/tls crypto/tls: Add SSL 3.0 support Jan 14, 2015
@golang golang locked and limited conversation to collaborators Jun 24, 2016
FiloSottile pushed a commit to FiloSottile/go that referenced this issue Oct 12, 2018
@agl
crypto/tls: support SSLv3
76c2ff5 
It would be nice not to have to support this since all the clients
that we care about support TLSv1 by now. However, due to buggy
implementations of SSLv3 on the Internet which can't do version
negotiation correctly, browsers will sometimes switch to SSLv3. Since
there's no good way for a browser tell a network problem from a buggy
server, this downgrade can occur even if the server in question is
actually working correctly.

So we need to support SSLv3 for robustness :(

Fixes golang#1703.

R=bradfitz
CC=golang-dev
https://golang.org/cl/5018045
This issue was closed.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge Security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@agl @robpike @gopherbot