OoO Shortly before the start of the afternoon of Thursday, December 22, 2011, around 13:38, Arno Töll <debian@toell.net> said:

> I'm sorry you're right. I was indeed misleading as I just copied the
> NEWS entry I wrote for Unstable where things are slightly different. I
> admit I shouldn't have copied it for Stable and Unstable as it was, as
> things are not directly adaptable there.

OpenSSL in unstable does not support TLS 1.2 either. I think that the solution is for a future OpenSSL version (maybe TLS 1.2 is supported in 1.1 but I am not sure).

> Regarding your comments I can see how I could have been more clear but I
> think the things you mentioned aren't that crucial it would justify a
> new DSA. I will however reformulate some parts for the next Unstable
> upload.

Yes, you are right. Your advice still works since without TLS 1.2 the only mitigation available is to fall back to RC4 and that's what happens with the provided configuration.

-- 
Vincent Bernat ☯ http://vincent.bernat.im

panic("Attempted to kill the idle task!");
        2.2.16 /usr/src/linux/kernel/exit.c