Bug#579429: Raising severity

Yves-Alexis Perez corsac at debian.org
Tue Jun 28 06:40:56 UTC 2011


severity 579429 important
thanks

I have the same issue with midori (or GtkLauncher from Webkit) and
https://www.meego.com which only accepts recent ciphers.

Disabling recent cipers to fall back to less secure ones is really a bad
idea. I've explained that on upstream bug
https://bugzilla.gnome.org/show_bug.cgi?id=581342 but still no real
news.

Current situation is that we have:

* old servers broken when using TLS
* new servers broken when not using TLS

Given the choice, I'd *much* better break the old (insecure) servers
than the new ones. Besides security, by disabling TLS you lose the
extensions, especially stuff like SNI which can be really useful when
you do virtual hosting.

Please revert the changes and enable the full TLS support. If the
websites are broken, then we need to fix the websites, not break the
client stack.

Regards,
-- 
Yves-Alexis
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20110628/f6ff530e/attachment.pgp>


More information about the pkg-gnome-maintainers mailing list