Re: OpenSSL disables TLS 1.0 and 1.1

To: debian-devel@lists.debian.org
Subject: Re: OpenSSL disables TLS 1.0 and 1.1
From: Hideki Yamane <henrich@debian.or.jp>
Date: Sun, 20 Aug 2017 00:17:46 +0900
Message-id: <[🔎] 20170820001746.66d1a4de7b02fc3ebb425fac@debian.or.jp>
In-reply-to: <[🔎] 8760dtt206.fsf@err.no>
References: <20170807014238.mf64rdvgpdkpaiwa@roeckx.be> <[🔎] 8737932yic.fsf@delenn.ganneff.de> <[🔎] 20170807185241.qqamsdbf5pyb3pch@bongo.bofh.it> <[🔎] 0dni8fh2k7j5v8@mids.svenhartge.de> <[🔎] 20170811112052.a4vkn3skwcoif5p7@bongo.bofh.it> <[🔎] 20170811125256.tmi265wt424hb6te@bongo.bofh.it> <[🔎] 871soh24m7.fsf@hope.eyrie.org> <[🔎] 8760dtt206.fsf@err.no>

Hi,

On Sat, 12 Aug 2017 14:16:25 +0200
Tollef Fog Heen <tfheen@err.no> wrote:
> While I think we might want to ship buster with TLS 1.0 available, I
> think running with it disabled for parts of the development cycle is
> very useful, since it exposes bugs we have in packages that will use
> that version out of the box (isync being referred to elsethread).
> Finding and fixing those bugs is good.

Seconded in Tollef's opinion.

- This affects *only* testing and unstable, not stable release (yet).
  So, most of users are not influenced.
- We *can* revert it before Buster release if it would be too much
  wrong impact for us.
- This is done in early timing for Buster Cycle. We have enough time
  to see what is going on.

So, please file bugs with real world precise examples against affected
packages, and let's fix it first.


And, if it will not be reverted, maybe we can provide alternatives
such as openssh-client-ssh1 does.

> Package: openssh-client-ssh1
> (snip)
> Description: secure shell (SSH) client for legacy SSH1 protocol
> (snip)
>  This package provides the ssh1 and scp1 clients and the ssh-keygen1
>  utility, all built with support for the legacy SSH1 protocol. This
>  protocol is obsolete and should not normally be used, but in some cases
>  there may be no alternative way to connect to outdated servers.
>  .
>  In some countries it may be illegal to use any encryption at all
>  without a special permit.
> ...


-- 
Regards,

 Hideki Yamane     henrich @ debian.or.jp/org
 http://wiki.debian.org/HidekiYamane

Reply to:

References:
- Re: OpenSSL disables TLS 1.0 and 1.1
  - From: Joerg Jaspert <joerg@debian.org>
- Re: OpenSSL disables TLS 1.0 and 1.1
  - From: md@Linux.IT (Marco d'Itri)
- Re: OpenSSL disables TLS 1.0 and 1.1
  - From: Sven Hartge <sven@svenhartge.de>
- Re: OpenSSL disables TLS 1.0 and 1.1
  - From: md@Linux.IT (Marco d'Itri)
- Re: OpenSSL disables TLS 1.0 and 1.1
  - From: Marco d'Itri <md@Linux.IT>
- Re: OpenSSL disables TLS 1.0 and 1.1
  - From: Russ Allbery <rra@debian.org>
- Re: OpenSSL disables TLS 1.0 and 1.1
  - From: Tollef Fog Heen <tfheen@err.no>

Prev by Date: Package Managers All the Way Down
Next by Date: Bug#872638: ITP: node-buble -- A fast ES2015 compiler for Node.js
Previous by thread: Re: OpenSSL disables TLS 1.0 and 1.1
Next by thread: Re: OpenSSL disables TLS 1.0 and 1.1
Index(es):
- Date
- Thread