[Pkg-openssl-devel] Bug#875423: openssl: Please re-enable TLS 1.0 and TLS 1.1 (at least in testing)

Raphael Hertzog hertzog at debian.org
Mon Sep 11 10:30:30 UTC 2017


On Mon, 11 Sep 2017, Philipp Kern wrote:
> https://packages.qa.debian.org/o/openssl/news/20170824T211015Z.html seems to
> have pushed this onto client applications? I.e. it's no longer hard disabled
> but client applications need to explicitly enable them?

Yes, I'm aware of that but Kurt never said that he would be willing to
back off from completely disabling it before the buster release and
I don't see any benefit in modifying all server applications to re-enable
the protocols that we want to support out of the box because there
are (outside of Debian) old applications that will have to connect to
those servers.

I understand we need to fix the client applications that we ship in Debian
so that they work with TLS 1.2-only servers and for this it might be
useful to disable TLS 1.0 and TLS 1.1 by default in unstable for a while.

But in Debian testing, we have real end-users (direct and through
"rolling" derivatives) and they should not have to be impacted by this
experiment IMO.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/


