Re: OpenSSL disables TLS 1.0 and 1.1

To: debian-devel@lists.debian.org
Subject: Re: OpenSSL disables TLS 1.0 and 1.1
From: Attila Szalay <sasa@debian.org>
Date: Tue, 8 Aug 2017 06:07:05 -0700
Message-id: <[🔎] CA+ZePRR9D1QhnFssjA2gvn4meQq87R13jxi88EJtutpsGuydZA@mail.gmail.com>
In-reply-to: <[🔎] 20170808T131948.GA.b9b7e.stse@fsing.rootsland.net>
References: <20170807014238.mf64rdvgpdkpaiwa@roeckx.be> <[🔎] 8737932yic.fsf@delenn.ganneff.de> <[🔎] CAL4L7=DkW9SS+TDkvfZZzcEcNR5pX5z5hhRDVA58Gd_GjGz7xw@mail.gmail.com> <[🔎] 20170808T131948.GA.b9b7e.stse@fsing.rootsland.net>

Hi,

My concern is less about https (hello iloms), but other kind of protocols. Ssl vpn, rdp servers, voip, etc. And embedded devices implements this protocols.

On Aug 8, 2017 7:35 AM, "Stephan Seitz" <stse+debian@fsing.rootsland.net> wrote:

On Mo, Aug 07, 2017 at 11:18:38 -0500, Michael Lustfield wrote:

Is there an actual need for the removal of TLS v1.{0,1}? Are either
considered broken or unsupported by upstream? If not, I'd be much more

That’s I like to know as well.

Doing a quick check on my appliances I could find the following TLSv1-only devices:
- some iDRAC (Dell)
- Netapp Filer
- Cisco Web Security Appliances

And what about mail appliances? If they offer only TLSv1 then the Debian mailserver will fallback to unencrypted transfer. I don’t think this is a good idea.

Shade and sweet water!

Stephan

--
| Public Keys: http://fsing.rootsland.net/~stse/keys.html |

Reply to:

References:
- Re: OpenSSL disables TLS 1.0 and 1.1
  - From: Joerg Jaspert <joerg@debian.org>
- Re: OpenSSL disables TLS 1.0 and 1.1
  - From: Michael Lustfield <michael@lustfield.net>
- Re: OpenSSL disables TLS 1.0 and 1.1
  - From: Stephan Seitz <stse+debian@fsing.rootsland.net>

Prev by Date: Re: DocBook 5 for Debian
Next by Date: Can Ubuntu font be added to a Debian repository?
Previous by thread: Re: OpenSSL disables TLS 1.0 and 1.1
Next by thread: Re: OpenSSL disables TLS 1.0 and 1.1
Index(es):
- Date
- Thread