Deprecating Secure Sockets Layer Version 3.0 (rfc-editor.org)
57 points by jgrahamc on June 26, 2015 | 7 comments


Great! I hope we can stop using 'SSL' (or even 'SSL/TLS') everywhere and start using just 'TLS' now. :)


I doubt that will happen anytime soon. Myself and many engineers I know still use the term "SSL" even when we mean TLS (i.e., 1.0+) exclusively, in part because some people don't "know" TLS (but they do know what SSL is).

Old habits die hard, I guess.


Indeed. I used to do the same, but I've since switched to only using TLS and taking a couple of seconds to say 'a newer version of SSL' to any confused-looking faces in the discussion. After a while of doing this, I don't see nearly as many confused faces, and others have even taken up the procedure! :)


Looking at the references, I found RFC 7366, by Peter Gutmann (author of the dual-licensed cryptlib), which proposes an extension to make TLS encrypt-then-MAC instead of MAC-then-encrypt. Interestingly, that RFC cites three informational references, two of which predate TLS 1.1 (2002).


I don't think any browsers do it yet, right? I hope that TLS 1.0 clients/servers can be fixed using this.


Amused that the original drafts' titles were variations on "sslv3-die-die-die".




