Re: OpenSSL disables TLS 1.0 and 1.1

To: debian-devel@lists.debian.org
Subject: Re: OpenSSL disables TLS 1.0 and 1.1
From: Tollef Fog Heen <tfheen@err.no>
Date: Sat, 12 Aug 2017 14:16:25 +0200
Message-id: <[🔎] 8760dtt206.fsf@err.no>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 871soh24m7.fsf@hope.eyrie.org> (Russ Allbery's message of "Fri, 11 Aug 2017 14:09:52 -0700")
References: <20170807014238.mf64rdvgpdkpaiwa@roeckx.be> <[🔎] 8737932yic.fsf@delenn.ganneff.de> <[🔎] 20170807185241.qqamsdbf5pyb3pch@bongo.bofh.it> <[🔎] 0dni8fh2k7j5v8@mids.svenhartge.de> <[🔎] 20170811112052.a4vkn3skwcoif5p7@bongo.bofh.it> <[🔎] 20170811125256.tmi265wt424hb6te@bongo.bofh.it> <[🔎] 871soh24m7.fsf@hope.eyrie.org>

]] Russ Allbery 

> That doesn't mean we can't make it very easy to disable TLS 1.0/1.1 or
> encourage people to do that when possible, of course.  It would be great
> for us to try to lead the way and push things forward a bit.  But I think
> we're still going to have to make it very easy to enable TLS 1.0/1.1 for a
> lot of people and applications for a bit longer.

While I think we might want to ship buster with TLS 1.0 available, I
think running with it disabled for parts of the development cycle is
very useful, since it exposes bugs we have in packages that will use
that version out of the box (isync being referred to elsethread).
Finding and fixing those bugs is good.

-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are

Reply to:

Follow-Ups:
- Re: OpenSSL disables TLS 1.0 and 1.1
  - From: Daniel Reichelt <debian@nachtgeist.net>
- Re: OpenSSL disables TLS 1.0 and 1.1
  - From: Ondřej Surý <ondrej@sury.org>
- Re: OpenSSL disables TLS 1.0 and 1.1
  - From: Hideki Yamane <henrich@debian.or.jp>

References:
- Re: OpenSSL disables TLS 1.0 and 1.1
  - From: Joerg Jaspert <joerg@debian.org>
- Re: OpenSSL disables TLS 1.0 and 1.1
  - From: md@Linux.IT (Marco d'Itri)
- Re: OpenSSL disables TLS 1.0 and 1.1
  - From: Sven Hartge <sven@svenhartge.de>
- Re: OpenSSL disables TLS 1.0 and 1.1
  - From: md@Linux.IT (Marco d'Itri)
- Re: OpenSSL disables TLS 1.0 and 1.1
  - From: Marco d'Itri <md@Linux.IT>
- Re: OpenSSL disables TLS 1.0 and 1.1
  - From: Russ Allbery <rra@debian.org>

Prev by Date: Bug#871913: ITP: boot-clj -- Build tooling for Clojure
Next by Date: Re: OpenSSL disables TLS 1.0 and 1.1
Previous by thread: Re: OpenSSL disables TLS 1.0 and 1.1
Next by thread: Re: OpenSSL disables TLS 1.0 and 1.1
Index(es):
- Date
- Thread