Comment Re:Maybe they just don't need the fix! (Score 1) 103
It's not maybe, it's either you need it or you don't! And for the vast majority it's the latter.
It's disabled by default, so it's not a matter of re-enabling it. Besides, there is no patch for stupidity.
I could turn that around and say those who blindly always install the latest stuff probably don't know what they really need or do.
New code often means new bugs.
But in this case it only makes sense to warn if the server asks for renegotiation and only accepts an insecure renegotiation. Browsers can/should warn about that right now (and maybe they already do).
Of course most SSL connections/servers don't require a renegotiation, so for most unpatched servers this will be no problem (as it is security-wise).