[Pkg-openssl-changes] r909 - openssl/branches/1.1.0/debian

Kurt Roeckx kroeckx at moszumanska.debian.org
Sun Aug 6 21:40:47 UTC 2017 

Author: kroeckx
Date: 2017-08-06 21:40:47 +0000 (Sun, 06 Aug 2017)
New Revision: 909

Modified:
   openssl/branches/1.1.0/debian/changelog
   openssl/branches/1.1.0/debian/rules
Log:
Disable TLS 1.0 and 1.1


Modified: openssl/branches/1.1.0/debian/changelog
===================================================================
--- openssl/branches/1.1.0/debian/changelog	2017-07-11 22:25:48 UTC (rev 908)
+++ openssl/branches/1.1.0/debian/changelog	2017-08-06 21:40:47 UTC (rev 909)
@@ -1,9 +1,16 @@
 openssl (1.1.0f-4) UNRELEASED; urgency=medium
 
+  [ Sebastian Andrzej Siewior ]
   * Add support for arm64ilp32, patch by Wookey (Closes: #867240)
 
- -- Sebastian Andrzej Siewior <sebastian at breakpoint.cc>  Wed, 12 Jul 2017 00:24:40 +0200
+  [ Kurt Roeckx ]
+  * Disable TLS 1.0 and 1.1, leaving 1.2 as the only supported SSL/TLS
+    version. This will likely break things, but the hope is that by
+    the release of Buster everything will speak at least TLS 1.2. This will be
+    reconsidered before the Buster release.
 
+ -- Kurt Roeckx <kurt at roeckx.be>  Sun, 06 Aug 2017 23:40:02 +0200
+
 openssl (1.1.0f-3) unstable; urgency=medium
 
   * Don't cleanup a thread-local key we didn't create it (Closes: #863707)

Modified: openssl/branches/1.1.0/debian/rules
===================================================================
--- openssl/branches/1.1.0/debian/rules	2017-07-11 22:25:48 UTC (rev 908)
+++ openssl/branches/1.1.0/debian/rules	2017-08-06 21:40:47 UTC (rev 909)
@@ -31,7 +31,7 @@
 	MAKEFLAGS += -j$(NUMJOBS)
 endif
 
-CONFARGS  = --prefix=/usr --openssldir=/usr/lib/ssl --libdir=lib/$(DEB_HOST_MULTIARCH) no-idea no-mdc2 no-rc5 no-zlib no-ssl3 enable-unit-test no-ssl3-method enable-rfc3779 enable-cms
+CONFARGS  = --prefix=/usr --openssldir=/usr/lib/ssl --libdir=lib/$(DEB_HOST_MULTIARCH) no-idea no-mdc2 no-rc5 no-zlib no-ssl3 enable-unit-test no-ssl3-method enable-rfc3779 enable-cms disable-tls1 disable-tls1_1
 OPT_alpha = ev4 ev5
 ARCHOPTS  = OPT_$(DEB_HOST_ARCH)
 OPTS      = $($(ARCHOPTS))

More information about the Pkg-openssl-changes mailing list