
Deprecating Secure Sockets Layer Version 3.0 - jgrahamc
https://www.rfc-editor.org/rfc/rfc7568.txt
======
ran290
Great! I hope we can stop using 'SSL' (or even 'SSL/TLS') everywhere and start
using just 'TLS' now. :)

~~~
jlgaddis
I doubt that will happen anytime soon. Myself and many engineers I know still
use the term "SSL" even when we mean TLS (i.e., 1.0+) exclusively, in part
because some people don't "know" TLS (but they _do_ know what SSL is).

Old habits die hard, I guess.

~~~
ran290
Indeed. I used to do the same, but I've since switched to only using TLS and
taking a couple of seconds to say 'a newer version of SSL' to any confused
looking faces in the discussion. After a while of doing this I don't see
nearly as many confused faces and others have even taken up the procedure! :)

------
alricb
Looking at the references, I found RFC 7366, by Peter Gutmann (author of the
dual-licensed cryptlib), which proposes an extension to make TLS encrypt-then-
MAC instead of MAC-then-encrypt. Interestingly, that RFC cites three
informational references, two of which predate TLS 1.1 (2002).

~~~
yuhong
I don't think any browsers do it yet, right? I hope that TLS 1.0
clients/servers can be fixed using this.

------
davidgerard
Amused that the original drafts' titles were variations on "sslv3-die-die-
die".

------
teddyh
Alternate link:
[https://tools.ietf.org/html/rfc7568](https://tools.ietf.org/html/rfc7568)

