[Pkg-openssl-devel] Bug#875423: Bug#875423: openssl: Please re-enable TLS 1.0 and TLS 1.1 (at least in testing)

[James Cloos]

>>>>> "KR" == Kurt Roeckx <kurt at roeckx.be> writes:

KR> On Mon, Sep 11, 2017 at 11:33:22AM +0200, Raphaël Hertzog wrote:
>> Or at least I would like a system-wide flag (in a configuration file?) to
>> let me re-enable old protocols easily.

KR> It was my understanding that other people also prefered to do this
KR> on a per package level and not system wide.

But the other way round.

Openssl should by default support >= 1.0, and the individual packages
should be the ones to limit it to 1.2 or later.

That limit should be run-time and the config files which do it should
have comments explaining exactly how to undo it.

And packages like MTAs and web servers should have those configs
commented out so that they work by default with 1.0+.

-JimC
-- 
James Cloos <cloos at jhcloos.com>         OpenPGP: 0x997A9F17ED7DAEA6