Bug#943415: apache2: Disable TLS 1.0 and 1.1 by default

To: Kurt Roeckx <kurt@roeckx.be>, 943415@bugs.debian.org
Subject: Bug#943415: apache2: Disable TLS 1.0 and 1.1 by default
From: David Prévot <taffit@debian.org>
Date: Wed, 15 Nov 2023 13:32:32 +0100
Message-id: <[🔎] ZVS6YNDkC8CpYekw@persil.tilapin.org>
Reply-to: David Prévot <taffit@debian.org>, 943415@bugs.debian.org
In-reply-to: <20191024155050.GA22125@roeckx.be>
References: <20191024155050.GA22125@roeckx.be> <20191024155050.GA22125@roeckx.be>

Hi,

Le Thu, Oct 24, 2019 at 05:50:50PM +0200, Kurt Roeckx a écrit :
> Package: apache2
> Version: 2.4.38-3
> 
> Hi,
> 
> I was expecting TLS 1.0 and 1.1 to be disabled

Same here. Four years later, RFC 8996 (Deprecating TLS 1.0 and TLS 1.1)
has been published and most clients have been updated, so could we
please review the default SSLProtocol before Trixie gets released? 

> Could you change the default to:
> SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

Regards,

taffit

Attachment: signature.asc
Description: PGP signature

Reply to:

Next by Date: Napływ Klientów ze strony
Next by thread: Napływ Klientów ze strony
Index(es):
- Date
- Thread