From owner-freebsd-security@FreeBSD.ORG  Tue Sep 10 19:09:52 2013
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTP id B0F50A78
 for <freebsd-security@freebsd.org>; Tue, 10 Sep 2013 19:09:52 +0000 (UTC)
 (envelope-from feld@FreeBSD.org)
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com
 [66.111.4.27])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 85DB723B1
 for <freebsd-security@freebsd.org>; Tue, 10 Sep 2013 19:09:52 +0000 (UTC)
Received: from compute2.internal (compute2.nyi.mail.srv.osa [10.202.2.42])
 by gateway1.nyi.mail.srv.osa (Postfix) with ESMTP id 58E9E21119;
 Tue, 10 Sep 2013 15:09:51 -0400 (EDT)
Received: from web3 ([10.202.2.213])
 by compute2.internal (MEProxy); Tue, 10 Sep 2013 15:09:51 -0400
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=
 messagingengine.com; h=message-id:from:to:cc:mime-version
 :content-transfer-encoding:content-type:subject:date:in-reply-to
 :references; s=smtpout; bh=LrdWaIXJwCGwZel45hxnKK04kms=; b=my+Wk
 C+BixT7R3XFrw1VLMOJ0Req3VtgKuxcvQkxdBw5pALWPW7Nx4wKxoQdKY1KVSPPL
 gQOHo4Tc/iBKq8bwhp54EfXLXebeHoG/fzlLSABkbHRKQ+hxVC6+zUr+pFetTph/
 j0CAkeB1opl2Ar+yLNt6VXCkQ8F2dIGXjhEDhg=
Received: by web3.nyi.mail.srv.osa (Postfix, from userid 99)
 id 23B37B000AE; Tue, 10 Sep 2013 15:09:51 -0400 (EDT)
Message-Id: <1378840191.3555.20332769.2FCAFF2D@webmail.messagingengine.com>
X-Sasl-Enc: WzKG9VEs7rXRDNiQyfgfx4M6tWa+ejDe9cm0Icp0NYZS 1378840191
From: Mark Felder <feld@FreeBSD.org>
To: Darren Pilgrim <list_freebsd@bluerosetech.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain
X-Mailer: MessagingEngine.com Webmail Interface - ajax-15090c31
Subject: Re: Anything in this story of concern?
Date: Tue, 10 Sep 2013 14:09:51 -0500
In-Reply-To: <522F6D79.9070208@bluerosetech.com>
References: <20130909144142.J99094@sola.nimnet.asn.au>
 <1378731079.24879.19687157.0DBE99D1@webmail.messagingengine.com>
 <522F6D79.9070208@bluerosetech.com>
Cc: freebsd-security@freebsd.org
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Sep 2013 19:09:52 -0000

On Tue, Sep 10, 2013, at 14:05, Darren Pilgrim wrote:
> - Leave SSLv3/TLSv1.0 enabled only for cases where you can't control the 
> remote end's SSL capabilities.

Which is what I routinely run into: public webhosting services.

Customers will scream if their website doesn't work on every moderately
reasonable device/browser.

*sigh* you can't win in this game