Re: Whats chances of getting libTLSv1.3 for stretch

To: debian-user@lists.debian.org
Subject: Re: Whats chances of getting libTLSv1.3 for stretch
From: Greg Wooledge <wooledg@eeg.ccf.org>
Date: Wed, 8 Jul 2020 07:54:33 -0400
Message-id: <[🔎] 20200708115433.GS22833@eeg.ccf.org>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 202007080512.20319.gheskett@shentel.net>
References: <[🔎] 202007080512.20319.gheskett@shentel.net>

On Wed, Jul 08, 2020 at 05:12:20AM -0400, Gene Heskett wrote:
> As a 2 decade user of fetchmail/procmail combo, I just updated to stretch 
> backports, but did not get a TLSv1.3, so when I configure the newest 
> fetchmail, I don't get ssl3 support.

Er... what?  This question doesn't make any sense.  I can't figure
out whether you're asking for a *newer* library or an *older* library
than what you have right now.

TLS 1.3 is very new, and is not assumed to be present by most
applications.

SSL 3 is extremely old, and has well-known exploited holes.  My
first Google hit for SSL 3 is a refernce to the POODLE exploit from
2014. <https://blog.qualys.com/ssllabs/2014/10/15/ssl-3-is-dead-killed-by-the-poodle-attack>

Are you *really* trying to use SSL 3, because that's what you configured
the other end to use, "2 decades" ago?  If so, it is time to stop
doing that.  Upgrade *both* ends to use currently supported, non-vulnerable
TLS protocols.  At this point, TLS 1.2 is your most likely target.

Reply to:

Follow-Ups:
- Re: Whats chances of getting libTLSv1.3 for stretch
  - From: Gene Heskett <gheskett@shentel.net>

References:
- Whats chances of getting libTLSv1.3 for stretch
  - From: Gene Heskett <gheskett@shentel.net>

Prev by Date: Re: How To Permanently Add-to a Users PATH Statement in the Bash Shell
Next by Date: Re: minimizing buffer size (i.e. page cache) for bulk copy/rsync -- Re: Swappiness in Buster
Previous by thread: Whats chances of getting libTLSv1.3 for stretch
Next by thread: Re: Whats chances of getting libTLSv1.3 for stretch
Index(es):
- Date
- Thread