Re: SSL 3.0 and older ciphers selected in applications

To: Daniel Pocock <daniel@pocock.pro>
Cc: 772487@bugs.debian.org, debian-security@lists.debian.org
Subject: Re: SSL 3.0 and older ciphers selected in applications
From: Kurt Roeckx <kurt@roeckx.be>
Date: Mon, 8 Dec 2014 21:16:18 +0100
Message-id: <[🔎] 20141208201618.GA18670@roeckx.be>
In-reply-to: <[🔎] 5485F961.8080203@pocock.pro>
References: <[🔎] 20141208113655.GA25596@roeckx.be> <[🔎] 54859797.6070304@pocock.pro> <[🔎] 20141208125312.GC11304@roeckx.be> <[🔎] 5485A904.4090504@pocock.pro> <[🔎] 20141208175834.GA11879@roeckx.be> <[🔎] 5485EC69.2030509@pocock.pro> <[🔎] 20141208182501.GA3453@roeckx.be> <[🔎] 5485F12E.9090808@pocock.pro> <[🔎] 20141208190631.GA20827@roeckx.be> <[🔎] 5485F961.8080203@pocock.pro>

On Mon, Dec 08, 2014 at 08:17:53PM +0100, Daniel Pocock wrote:
> 
> If I understand your reply correctly, the version in Ubuntu and Fedora
> will still talk TLS 1.0 with the version now waiting in jessie?

Yes.

> Do you believe it would be reasonable for me to request a smaller
> unblock that just changes the call TLSv1_method to SSLv23_method?

That depends on wether it's acting as client or server.  If it's
acting as server I say yes.  If it's acting as client I suggest
you also have a way to turn off TLS 1.2.  I understand that it
needs to be able to talk to many different things and TLS 1.2 has
has been breaking things it shouldn't and you already indicated
problems with some products.  But maybe it just needs to be used
for a while with the SSLv23 method to see if there are problems or
not.

Kurt

Reply to:

Follow-Ups:
- Re: SSL 3.0 and older ciphers selected in applications
  - From: Daniel Pocock <daniel@pocock.pro>

References:
- Re: SSL 3.0 and older ciphers selected in applications
  - From: Kurt Roeckx <kurt@roeckx.be>
- Re: SSL 3.0 and older ciphers selected in applications
  - From: Daniel Pocock <daniel@pocock.pro>
- Re: SSL 3.0 and older ciphers selected in applications
  - From: Kurt Roeckx <kurt@roeckx.be>
- Re: SSL 3.0 and older ciphers selected in applications
  - From: Daniel Pocock <daniel@pocock.pro>
- Re: SSL 3.0 and older ciphers selected in applications
  - From: Kurt Roeckx <kurt@roeckx.be>
- Re: SSL 3.0 and older ciphers selected in applications
  - From: Daniel Pocock <daniel@pocock.pro>
- Re: SSL 3.0 and older ciphers selected in applications
  - From: Kurt Roeckx <kurt@roeckx.be>
- Re: SSL 3.0 and older ciphers selected in applications
  - From: Daniel Pocock <daniel@pocock.pro>
- Re: SSL 3.0 and older ciphers selected in applications
  - From: Kurt Roeckx <kurt@roeckx.be>
- Re: SSL 3.0 and older ciphers selected in applications
  - From: Daniel Pocock <daniel@pocock.pro>

Prev by Date: Re: SSL 3.0 and older ciphers selected in applications
Next by Date: Re: SSL 3.0 and older ciphers selected in applications
Previous by thread: Re: SSL 3.0 and older ciphers selected in applications
Next by thread: Re: SSL 3.0 and older ciphers selected in applications
Index(es):
- Date
- Thread