On Wed, Nov 12, 2014 at 02:29:07PM +0100, Marco d'Itri wrote: > On Nov 12, Thijs Kinkhorst <th...@debian.org> wrote: > > > Can you remove SSLv3 from the default list? > I do not know the implications wrt clients support. > Christian, did you do any tests?
Not many, just with icedove and "openssl s_client". Although I have a few tens of users on my news server, I haven't got the faintest idea what clients they are using, but nobody has complained so far ;-) In the end, I think it'll be the admins decision like it is with web servers. When you integrate this for jessie, I'd suggest using "secure" defaults, as people upgrading from wheezy would expect things to change. So, no SSLv3, and prefer_server_ciphers true. OTOH, upstream now has "compatible" defaults in 2.5.4. Please also note that instead of using the patch I attached to the original message, you may want to use https://inn.eyrie.org/trac/changeset/9745 to keep in line with upstream. ciao, cm. -- ** christian mock in vienna, austria -- http://www.tahina.priv.at/ > www.flamingtext.com I'd never even heard of that site. I wonder what it'd take to convince the owner's goverment that they're terrorists? -- Lionel -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
