[Pkg-openssl-devel] Bug#875423: Bug#875423: openssl: Please re-enable TLS 1.0 and TLS 1.1 (at least in testing)

James Cloos cloos at jhcloos.com
Sat Sep 23 19:38:56 UTC 2017


>>>>> "KR" == Kurt Roeckx <kurt at roeckx.be> writes:

KR> On Mon, Sep 11, 2017 at 11:33:22AM +0200, Raphaël Hertzog wrote:
>> Or at least I would like a system-wide flag (in a configuration file?) to
>> let me re-enable old protocols easily.

KR> It was my understanding that other people also prefered to do this
KR> on a per package level and not system wide.

But the other way round.

Openssl should by default support >= 1.0, and the individual packages
should be the ones to limit it to 1.2 or later.

That limit should be run-time and the config files which do it should
have comments explaining exactly how to undo it.

And packages like MTAs and web servers should have those configs
commented out so that they work by default with 1.0+.

-JimC
-- 
James Cloos <cloos at jhcloos.com>         OpenPGP: 0x997A9F17ED7DAEA6



More information about the Pkg-openssl-devel mailing list