Re: OpenSSL disables TLS 1.0 and 1.1
- Date: Sat, 12 Aug 2017 14:16:25 +0200
- From: Tollef Fog Heen <tfheen@xxxxxx>
- Subject: Re: OpenSSL disables TLS 1.0 and 1.1
]] Russ Allbery
> That doesn't mean we can't make it very easy to disable TLS 1.0/1.1 or
> encourage people to do that when possible, of course. It would be great
> for us to try to lead the way and push things forward a bit. But I think
> we're still going to have to make it very easy to enable TLS 1.0/1.1 for a
> lot of people and applications for a bit longer.
While I think we might want to ship buster with TLS 1.0 available, I
think running with it disabled for parts of the development cycle is
very useful, since it exposes bugs we have in packages that will use
that version out of the box (isync being referred to elsethread).
Finding and fixing those bugs is good.
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are