On 5 August 2017 23:31:33 CEST, Kurt Roeckx <k...@roeckx.be> wrote:
>I planned to break things by disabling TLS 1.0 and 1.1, which I
>might upload soon. I guess I can fix that at the same time.
Do you intend a transition like we had for SSLv2 removal or do you plan just to
disable it? I remember a few packages using TLSv functions instead of SSLv23
which is what should be used (and those will end up with nothing).
Removing TLS1.0 and TLS1.1 sounds early but given that we aim Buster it looks
alright. My web server serves 1.2 only which only rejects a few bots of
questionable origin. My email server logs a few 1.0 legitimate connections but
that's how it is. They usually fallback to plain connection. Shouldn't we
announce it on D-D-A?