Bug#784153: don't use TLSv1 by default, use SSLv23
Tzafrir Cohen
tzafrir at cohens.org.il
Mon May 4 16:41:50 UTC 2015
Hi,
On Mon, May 04, 2015 at 11:11:12AM -0400, Emmanuel Lepage wrote:
> Ring is not ready to replace SFLphone in Sid as we depend on
> some pjproject patches. One is to use GnuTLS instead of OpenSSL
Interesting.
> and the other to expose certificates and ciphers in the API. We
> use this to create a Firefox/Chrome like security asset evaluation
> (work in progress). We never had luck getting those kind of patches
> merged upstream, so for now we are using a static pjproject lib.
Please file bugs vs. the pjproject Debian package (be those wishlist
bugs).
I generally had better luck with them.
>
> The problem with the old sflphone security features is that they
> are way too complicated for the user to configure. In the end this
> probably make the whole package less secure. This cannot be fixed
> and backported into Jessie, so dropping SSLv23 from the GUI is
> probably the least problematic option.
>
> Patches:
> https://projects.savoirfairelinux.com/projects/ring-daemon/repository/revisions/master/show/contrib/src/pjproject
It would be nice if you could add some description somewhere.
E.g. Debian dep5 patches, git format-patch, or just some extra lines of
description before the diff.
--
Tzafrir Cohen | tzafrir at jabber.org | VIM is
http://tzafrir.org.il | | a Mutt's
tzafrir at cohens.org.il | | best
tzafrir at debian.org | | friend
More information about the Pkg-voip-maintainers
mailing list