Re: openssl/libssl1 in Debian now blocks offlineimap?
- Date: Sun, 20 Aug 2017 12:23:36 +0300
- From: Adrian Bunk <bunk@xxxxxxxxxx>
- Subject: Re: openssl/libssl1 in Debian now blocks offlineimap?
On Fri, Aug 18, 2017 at 10:07:49PM +0200, Tollef Fog Heen wrote:
> ]] Adrian Bunk
> The PCI consortium extended the deadline until June
> 2018. Assuming that deadline holds, people with older machines will not
> be able to access services such as online banking or pay online in
Think of the "TLS 1.2 not working with WPA" discussed earlier here that
might still affect half a billion active Android devices at the buster
The online banking app running on such a device will support TLS 1.2
The PayPal app currently requires Android >= 4.0.3, released in 2011.
> ... but they're pragmatic.
> As they write in their press release: “…in the field a lot of business
> issues surfaced…” said Stephen Orfei, General Manager, PCI SSC. “We want
> merchants protected against data theft but not at the expense of turning
> away business, ...
It is permitted to run your online banking app on an Android device
with a 5 year old firmware with no security updates ever available.
> to make sure any users on platforms where support for that is
> lacking get a proper notification and a chance to move to something
Imagine Debian running on the AP providing the WiFi for a Cafe.
What you are saying is that the staff working at the Cafe should explain
to their customers that they have to buy a new phone if they want to use
 I haven't investigated how widespread this specific problem
actually is, or whether it can be mitigated - the point is that
it is unrelated to TLS versions supported by PayPal or online
banking apps running on the device
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed