Raphaël Hertzog <hert...@debian.org> writes: ... > Or at least I would like a system-wide flag (in a configuration file?) to > let me re-enable old protocols easily.
Just because I haven't seen anyone else suggest it: Would it be practical to have the normal packages drop TLS 1.0/1.1 support as currently planned, but have an alternative set of packages (called openssl-obsolescent, or openssl-tls-flawed, or whatever) with the TLS 1.0/1.1 support re-enabled, so that one could do the migration away from TLS 1.0/1.1, but still allow people who notice problems to deal with them by choosing to install this other set of packages? Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/ http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg, GERMANY
signature.asc
Description: PGP signature