From mboxrd@z Thu Jan  1 00:00:00 1970
Date: Thu, 28 Jul 2011 11:34:12 +0200
From: David du Colombier <0intro@gmail.com>
To: 9fans@9fans.net
Message-ID: <20110728113412.12b929f4@wks-ddc.exosec.local>
In-Reply-To: <870be0732e4f6bb93ca5798f1aa65231@terzarima.net>
References: <20110728080009.25749f47@zinc.9fans.fr>
	<870be0732e4f6bb93ca5798f1aa65231@terzarima.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: Re: [9fans] encrypting 9P traffic
Topicbox-Message-UUID: 07cf7f06-ead7-11e9-9d60-3106f5b1d025

> >Yes, but like you said earlier, it's SSLv2, not SSLv3.
>
> what's the advantage of using v3 for plan 9 connections?
> plan 9 uses only the record format of v2.

exportfs, import and cpu are the three last commands still using
devssl. When they will be migrated to devtls, devssl could be
definitely removed.

HTTP, SMTP, IMAP, POP and others already use both TLS 1.0 handshake
and record protocols.

It's easier to maintain a single encryption protocol than two.

Moreover, if you want to interact with foreign implementations,
they often don't implement SSL 2.0 anymore, or, at best, only
support the standard and weak ciphers of SSL 2.0, and not
the newest ones, standardized in TLS 1.0, 1.1, 1.2 and their
extensions (mostly AES, SHA1 and SHA2).

--
David du Colombier