Re: Bug#765512: general: distrust old crypto algos and protocols perdefault

To: debian developers <debian-devel@lists.debian.org>
Subject: Re: Bug#765512: general: distrust old crypto algos and protocols perdefault
From: Brian May <brian@microcomaustralia.com.au>
Date: Thu, 16 Oct 2014 10:55:12 +1100
Message-id: <[🔎] CAA0ZO6D5rAt=ejyYU3iJFmvA_OUJ52wTa1AFrvOp+3yckfE4XA@mail.gmail.com>
In-reply-to: <[🔎] 20141015234441.GA146788@vauxhall.crustytoothpaste.net>
References: <[🔎] 20141015180933.18771.64526.reportbug@heisenberg.scientia.net> <[🔎] 20141015192521.GB424@chew.redmars.org> <[🔎] 1413402283.4706.20.camel@scientia.net> <[🔎] 543ED14D.1020307@freesources.org> <[🔎] 1413405340.4706.26.camel@scientia.net> <[🔎] 87r3y9aw3p.fsf@hope.eyrie.org> <[🔎] 20141015234441.GA146788@vauxhall.crustytoothpaste.net>

On 16 October 2014 10:44, brian m. carlson <sandals@crustytoothpaste.net> wrote:

Unfortunately, not all upstreams make good decisions. OpenSSL ships
with a set of default ciphers that is completely insecure. There is no
reason that every application using OpenSSL directly or indirectly[0]
should have to disable exportable ciphers, especially since almost
nobody uses them (nor wants to). HIGH:MEDIUM:!aNULL is a better
default.

What about security updates? Should Debian be releasing wheezy security updates for browsers, web servers, etc, that disable SSLv3 by default now that SSLv3 is considered insecure?

Brian May <brian@microcomaustralia.com.au>

Reply to:

Follow-Ups:
- Re: Bug#765512: general: distrust old crypto algos and protocols perdefault
  - From: Christoph Anton Mitterer <calestyo@scientia.net>

References:
- Bug#765512: general: distrust old crypto algos and protocols perdefault
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: Bug#765512: general: distrust old crypto algos and protocols perdefault
  - From: Jonathan Dowland <jmtd@debian.org>
- Re: Bug#765512: general: distrust old crypto algos and protocols perdefault
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: Bug#765512: general: distrust old crypto algos and protocols perdefault
  - From: Jonas Meurer <jonas@freesources.org>
- Re: Bug#765512: general: distrust old crypto algos and protocols perdefault
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: Bug#765512: general: distrust old crypto algos and protocols perdefault
  - From: Russ Allbery <rra@debian.org>
- Re: Bug#765512: general: distrust old crypto algos and protocols perdefault
  - From: "brian m. carlson" <sandals@crustytoothpaste.net>

Prev by Date: Re: Bug#765512: general: distrust old crypto algos and protocols perdefault
Next by Date: Re: Bug#765512: general: distrust old crypto algos and protocols perdefault
Previous by thread: Re: Bug#765512: general: distrust old crypto algos and protocols perdefault
Next by thread: Re: Bug#765512: general: distrust old crypto algos and protocols perdefault
Index(es):
- Date
- Thread