[Pkg-openssl-devel] Bug#869856: openssl: FTBFS: Testsuite failures
Kurt Roeckx
kurt at roeckx.be
Sun Aug 6 18:13:20 UTC 2017
On Sun, Aug 06, 2017 at 06:03:30PM +0200, Sebastian Andrzej Siewior wrote:
> On 5 August 2017 23:31:33 CEST, Kurt Roeckx <kurt at roeckx.be> wrote:
>
> >I planned to break things by disabling TLS 1.0 and 1.1, which I
> >might upload soon. I guess I can fix that at the same time.
>
> Do you intend a transition like we had for SSLv2 removal or do you plan just to disable it? I remember a few packages using TLSv functions instead of SSLv23 which is what should be used (and those will end up with nothing).

I'm not sure what to do with the TLSv* methods. They have been
deprecated and will be removed in 1.2. I could make them return
NULL, or I could keep them working. I think I'm currently going
for just making them return NULL.

I don't plan to remove any symbols, so there should be no need to
change the soname.

> Removing TLS1.0 and TLS1.1 sounds early but given that we aim for Buster it looks alright. My web server serves 1.2 only which only rejects a few bots of questionable origin. My email server logs a few 1.0 legitimate connections but that's how it is. They usually fall back to a plain connection. Shouldn't we announce it on D-D-A?

Yes, the aim is to have this for Buster by default. And we can
always revert this if too much is broken. But I think Buster is
far enough in the future to try and do this now.

Kurt
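
An added example, not part of the original thread: a small Python audit that finds calls to the fixed-version TLSv* method constructors discussed above in C source and reports them separately from the version-flexible SSLv23_*/TLS_* constructors. The names `audit`, `PINNED`, `FLEXIBLE`, `NOISE` and the sample C lines are constructed for illustration.

```python
import re

# Fixed-version constructors deprecated in OpenSSL 1.1.0, e.g. TLSv1_method(),
# TLSv1_1_client_method(), TLSv1_2_server_method().
PINNED = re.compile(r"\b(TLSv1(?:_[12])?_(?:client_|server_)?method)\s*\(")
# Version-flexible constructors: SSLv23_*method() and its 1.1.0 name TLS_*method().
FLEXIBLE = re.compile(r"\b((?:SSLv23|TLS)_(?:client_|server_)?method)\s*\(")
# C comments and string literals, blanked so mentions inside them are not reported.
NOISE = re.compile(r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"', re.S)


def _blank(match):
    # Keep newlines so reported line numbers still match the original file.
    return re.sub(r"[^\n]", " ", match.group(0))


def audit(source):
    """Return sorted (line, function, kind) tuples for each method constructor call."""
    code = NOISE.sub(_blank, source)
    hits = []
    for kind, pattern in (("pinned", PINNED), ("flexible", FLEXIBLE)):
        for m in pattern.finditer(code):
            line = code.count("\n", 0, m.start()) + 1
            hits.append((line, m.group(1), kind))
    return sorted(hits)


# Constructed sample input, not taken from any real package.
SAMPLE = '''\
/* old code used TLSv1_method() here */
SSL_CTX *a = SSL_CTX_new(TLSv1_client_method());
SSL_CTX *b = SSL_CTX_new(SSLv23_method());
log("falling back to TLSv1_1_method()");
SSL_CTX *c = SSL_CTX_new(TLSv1_2_server_method()); // not TLSv1_method()
SSL_CTX *d = SSL_CTX_new(TLS_client_method());
'''

if __name__ == "__main__":
    for line, func, kind in audit(SAMPLE):
        print(f"line {line}: {func} ({kind})")
```

Call sites reported as `pinned` are the ones to review: they are the callers of the deprecated TLSv* methods, which should move to a version-flexible constructor and handle a NULL return.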