[Pkg-haskell-maintainers] Bug#768164: Bug#768164: haskell-tls: SSLv3 support
Joachim Breitner
nomeata at debian.org
Wed Nov 5 18:11:49 UTC 2014
Dear Moritz,
Am Mittwoch, den 05.11.2014, 17:12 +0100 schrieb Moritz Muehlenhoff:
> On Wed, Nov 05, 2014 at 05:07:15PM +0100, Joachim Breitner wrote:
> > Am Mittwoch, den 05.11.2014, 16:45 +0100 schrieb Moritz Muehlenhoff:
> > > Package: haskell-tls
> > > Severity: important
> > > Tags: security
> > >
> > > Hi,
> > > openssl disabled SSLv3 for jessie since 1.0.1j-1. Shall we do the same for haskell-tls?
> >
> > good question. Probably yes. Did openssl disable SSLv3 completely, or
> > did it just removed it from the default list of accepted settings?
>
> openssl disabled it entirely; it features a dedicated build flag for it
> (no-ssl3).
Ok, I think we can easily follow suit here. Removing code is always
simple :-)
> Could you approach haskell-tls upstream for their recommendation to disable it?
Vincent, did you consider this issue already?
Greetings,
Joachim
--
Joachim "nomeata" Breitner
Debian Developer
nomeata at debian.org | ICQ# 74513189 | GPG-Keyid: F0FBF51F
JID: nomeata at joachim-breitner.de | http://people.debian.org/~nomeata
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-haskell-maintainers/attachments/20141105/903bbcd9/attachment.sig>
More information about the Pkg-haskell-maintainers
mailing list