[Pkg-openssl-devel] Bug#736687: Bug#736687: libssl1.0.0: default cipher list contains insecure ciphers
Kurt Roeckx
kurt at roeckx.be
Fri Nov 25 18:00:39 UTC 2016
On Fri, Nov 25, 2016 at 10:56:39AM +0100, Philipp Kern wrote:
> On Sun, Oct 30, 2016 at 10:40:42PM +0100, Kurt Roeckx wrote:
> > On Sun, Oct 30, 2016 at 11:35:23PM +0200, Adrian Bunk wrote:
> > > I am raising this to RC severity since 1.0.2 will likely still be
> > > shipped in stretch, and removing ciphers from the 1.0.2 defaults
> > > that were already removed from the 1.1.0 defaults should clearly
> > > be done for stretch.
> > I did plan on disabling 3DES and RC4 in 1.0.2 for stretch.
>
> Did this happen? This bug is now applying to the openssl1.0 as a
> RC bug.
It's not fixed in the openssl1.0 source package, it is in the
openssl source package. So the bug is correct.
Kurt
More information about the Pkg-openssl-devel
mailing list