[Pkg-openssl-devel] backport 1.1.1 to debian 9
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Wed Nov 28 21:41:38 GMT 2018
On 2018-11-28 18:57:00 [+0100], Kurt Roeckx wrote:
> On Wed, Nov 28, 2018 at 06:28:00PM +0100, Oliver Z. wrote:
> >
> > > I think that the people who want to use mostly are to be able to use a
> > > webserver with TLS 1.3, and that they don't need many other applications
> > > using openssl, so it should probably work.
> >
> >
> > I would like to use it with nginx and postfix/dovecot. I do not understand
> > what you mean with "so it should probably work" - do you mean you are going
> > to do that, or does it mean you are not going to do that?
> > I thought its just a minor upgrade (at least if its semantic versioned),
> > only enabling tls1.3. Maybe i am wrong.
>
> The problem is that TLS 1.3 breaks things in various ways,
> depending on the software. I don't actually know what the status
> of postfix is. But I understand that you at least need the nginx
> version from backports.
lighttpd does not work in unstable with TLS1.3, apache does but not the
version in stable. python, perl and ruby were not too happy about it,
too. All in all I'm not too sure if it is a good idea…
> Kurt
Sebastian
More information about the Pkg-openssl-devel
mailing list