by sslalready 4262 days ago
Disabling SSLv3 will indeed affect a significant amount of clients in the real world.

I've seen a few commenters here on HN that point out that pretty much everything since Windows XP (ignoring IE6) supports at least 1.0 of the TLS protocols. While that may be correct in theory, in practice it's not.

At a 1MM+ visitors/week site we still see a few percent of our users that regularly connect using SSLv3 across different versions of Windows, including more modern ones such as Windows Vista, 7 and 8(!).

Though I'm not sure why this is the case, antivirus software suites such as McAfee[1] have in the past been known to disable TLS 1.0 system-wide in Windows.

[1] http://answers.microsoft.com/en-us/ie/forum/ie8-windows_othe...

1 comment

It's well known that the fallback can be triggered by accident; see for instance https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00:

"[...] Also, handshake errors due to network glitches could similarly be misinterpreted as interaction with a legacy server and result in a protocol downgrade."

Perhaps that's what you're seeing.
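Added example, not part of either comment above: one way a site operator could check which of the two explanations in this thread fits their traffic, by separating clients that only ever negotiate SSLv3 (consistent with TLS being disabled on the machine) from clients that also negotiate TLS (consistent with an accidental fallback). The log format, the sample lines, the function names and the use of the client IP as a client key are assumptions; the heuristic is indicative only, since several clients can share one IP.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in an assumed format: client IP, negotiated
# protocol (what nginx exposes as $ssl_protocol), quoted User-Agent.
SAMPLE_LOG = """\
192.0.2.10 TLSv1 "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
192.0.2.10 SSLv3 "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
192.0.2.10 TLSv1 "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
192.0.2.11 SSLv3 "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)"
192.0.2.11 SSLv3 "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)"
192.0.2.12 TLSv1 "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)"
192.0.2.13 SSLv3 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
this line is malformed and is skipped
"""

LINE_RE = re.compile(r'^(\S+) (\S+) "([^"]*)"$')
NT_RE = re.compile(r"Windows NT (\d+\.\d+)")
WINDOWS = {"5.1": "Windows XP", "6.0": "Windows Vista",
           "6.1": "Windows 7", "6.2": "Windows 8"}

def classify_clients(log_text):
    """Return {(ip, os_name): label} from the protocols each client negotiated."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed format
        ip, proto, ua = m.groups()
        nt = NT_RE.search(ua)
        os_name = WINDOWS.get(nt.group(1), "other") if nt else "other"
        seen[(ip, os_name)].add(proto)
    labels = {}
    for client, protos in seen.items():
        if protos == {"SSLv3"}:
            labels[client] = "sslv3-only"  # never negotiated TLS in this log
        elif "SSLv3" in protos:
            labels[client] = "mixed"       # negotiated TLS too: fits a fallback
        else:
            labels[client] = "tls-only"
    return labels

def summarize(log_text):
    """Count clients per (os_name, label)."""
    labels = classify_clients(log_text)
    return dict(Counter((os_name, label) for (_, os_name), label in labels.items()))

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```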