[Pkg-openssl-devel] Bug#736687: Bug#736687: libssl1.0.0: default cipher list contains insecure ciphers
Philipp Kern
pkern at debian.org
Fri Nov 25 09:56:39 UTC 2016
On Sun, Oct 30, 2016 at 10:40:42PM +0100, Kurt Roeckx wrote:
> On Sun, Oct 30, 2016 at 11:35:23PM +0200, Adrian Bunk wrote:
> > I am raising this to RC severity since 1.0.2 will likely still be
> > shipped in stretch, and removing ciphers from the 1.0.2 defaults
> > that were already removed from the 1.1.0 defaults should clearly
> > be done for stretch.
> I did plan on disabling 3DES and RC4 in 1.0.2 for stretch.
Did this happen? This bug is now applying to the openssl1.0 as a
RC bug.
Kind regards
Philipp Kern
More information about the Pkg-openssl-devel
mailing list