Bug#774299: wheezy-pu: openssl: disable SSLv3 by default

To: Kurt Roeckx <kurt@roeckx.be>
Cc: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 774299@bugs.debian.org
Subject: Bug#774299: wheezy-pu: openssl: disable SSLv3 by default
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Thu, 19 Feb 2015 16:29:07 +0100
Message-id: <[🔎] 20150219152907.GB32745@inutil.org>
Reply-to: Moritz Muehlenhoff <jmm@inutil.org>, 774299@bugs.debian.org
In-reply-to: <20150118105905.GA8835@pisco.westfalen.local>
References: <20141231125253.GA23984@roeckx.be> <1420034423.7476.41.camel@adam-barratt.org.uk> <20141231154129.GA18758@roeckx.be> <20150118105905.GA8835@pisco.westfalen.local>

On Sun, Jan 18, 2015 at 11:59:05AM +0100, Moritz Mühlenhoff wrote:
> On Wed, Dec 31, 2014 at 04:41:29PM +0100, Kurt Roeckx wrote:
> > On Wed, Dec 31, 2014 at 02:00:23PM +0000, Adam D. Barratt wrote:
> > > Control: tags -1 + moreinfo
> > > 
> > > On Wed, 2014-12-31 at 13:52 +0100, Kurt Roeckx wrote:
> > > > I would like to disable SSLv3 by default in wheezy.
> >
> > > Do we know how well other packages in wheezy cope with that? (I'm going
> > > to guess "not as well as in jessie".)

We could make updated binaries available for testing and ask people
to run them for a while?

> > One package that might be affected by this change is that python
> > has a test suite that tries all possible combinations of settings
> > and the test suite is probably going to fail because it's going to
> > expect to be able to set up an SSLv3 connection.
> 
> I will rebuild python in wheezy to check that.

A rebuild of python2.7 with a patched openssl went fine.

Cheers,
        Moritz

Reply to:

Prev by Date: Processed: Re: Bug#772107: unblock: bind-dyndb-ldap/6.0-4
Next by Date: Bug#776748: (pre-approval) unblock: libxml2/2.9.1+dfsg1-5 (via t-p-u)
Previous by thread: Bug#778766: marked as done (unblock: whois/5.2.4)
Next by thread: Bug#778782: unblock: phpbb3/3.0.12-5
Index(es):
- Date
- Thread