[Pkg-openssl-devel] Bug#875423: openssl: Please re-enable TLS 1.0 and TLS 1.1 (at least in testing)

Philipp Kern pkern at debian.org
Mon Sep 11 10:03:20 UTC 2017


On 2017-09-11 11:33, Raphaël Hertzog wrote:
> I looked back at the debian-devel discussion and it seems to me that
> the majority of persons who expressed themselves (including Moritz Mühlenhoff
> of the Debian security team) believe that buster should ship with TLS 1.0
> and TLS 1.1 enabled.
> 
> Given this, I would like to request you to make sure that Debian testing
> has a version of openssl with TLS 1.0 and TLS 1.1 enabled.
> 
> The rough consensus seems to be that it's ok for you to use Debian
> unstable as a test-bed for your experiment to disable TLS 1.0 and TLS 1.1.
> 
> While that might not be practical to manage when you have to push an
> update to testing, it's a burden that you should accept since you
> believe that Debian experimental will not give enough exposure.
> 
> Please do listen to your fellow developers. Thank you.
> 
> Cheers,
> 
> PS: I'm filing this because I would like to not have to fork OpenSSL
> for Kali. It's counter-productive to go too fast in deprecating old
> protocols. You will only get fewer users using the official Debian
> package with all the risks it involves.
> 
> Or at least I would like a system-wide flag (in a configuration file?) to
> let me re-enable old protocols easily.

https://packages.qa.debian.org/o/openssl/news/20170824T211015Z.html 
seems to have pushed this onto client applications? I.e. it's no longer 
hard disabled but client applications need to explicitly enable them?

Kind regards
Philipp Kern


