by _ahxg 971 days ago
If I understood it correctly, it can actually be worse than a fallback to plain text, because if a malicious actor can establish a connection using legacy SSLv2, then this connection can be used to decrypt the session for users running the latest TLS version.

While plain text connections would affect only users using the plain text connection.

See comment from https://news.ycombinator.com/item?id=38047633

1 comments

In theory, yes. In practice it's almost certainly already mitigated on the client side.