Author: Alessandro Selli Date: To: dng Subject: Re: [DNG] openssl/libssl1 in Debian has disabled TLS 1.0 & 1.1
On Wed, 16 Aug 2017 at 13:24:36 +0200
Alessandro Selli <alessandroselli@???> wrote:
> On Wed, 16 Aug 2017 at 11:56:46 +0100
> ael <adrian.lawrence@???> wrote:
>
> [...]
>
> > Devuan needs to avoid importing this problem.
>
> It also needs to avoid been labelled as an unsafe distro, one of the few¹
> to still support unsecure protocols. After all, TLS v. 2.0 is from 1995,
> quite a long time ago.
Sorry, that's SSL v 2. TLS v. 1.2 is dated 2008. Not very long tome ago.
I'd favour disabling it by default, only to be enabled if esplicitly
configured to do so.