Re: OpenSSL disables TLS 1.0 and 1.1




On 08/12/2017 02:16 PM, Tollef Fog Heen wrote:
> While I think we might want to ship buster with TLS 1.0 available, I
> think running with it disabled for parts of the development cycle is
> very useful, since it exposes bugs we have in packages that will use
> that version out of the box (isync being referred to elsethread).
> Finding and fixing those bugs is good.
> 

This got me thinking... how about a split of the generated binary
packages to generate a (default) set with only TLS 1.2 available and a
fallback set with the current configuration?


One would have to work out a convention for whether

1) the fallback set would have both Provides and Conflicts set or

2) both sets should cooperate with each other and how
2.1) via alternatives
2.2) a more fine-grained approach to select an appropriately configured
library on a per-application basis (e.g. LD_PRELOAD?)


Cheers
Daniel
