[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OpenSSL disables TLS 1.0 and 1.1

This is a really good idea!

On 12 August 2017 15:56:26 Tollef Fog Heen <tfheen@err.no> wrote:

]] Russ Allbery

That doesn't mean we can't make it very easy to disable TLS 1.0/1.1 or
encourage people to do that when possible, of course.  It would be great
for us to try to lead the way and push things forward a bit.  But I think
we're still going to have to make it very easy to enable TLS 1.0/1.1 for a
lot of people and applications for a bit longer.

While I think we might want to ship buster with TLS 1.0 available, I
think running with it disabled for parts of the development cycle is
very useful, since it exposes bugs we have in packages that will use
that version out of the box (isync being referred to elsethread).
Finding and fixing those bugs is good.

Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are

Reply to: