On 2018-09-05 10:30:23 [-0400], Antoine Beaupré wrote: > Control: block 907807 by 907015 > > On 2018-09-05 15:53:46, Vincent Bernat wrote: > > ❦ 5 septembre 2018 09:30 -0400, Antoine Beaupré <anar...@orangeseeds.org>: > > > >> So I've forwarded the bug upstream to see if we can get a hint there. I > >> originally thought this was a 1.1 transition problem, but as it turns > >> out, linkchecker loads those sites fine in buster, which still has > >> 1.1.0. > > > > It's 1.1.1 which comes with more strict checks on everything. I think > > there is a metabug about this: > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907015 > > I see. So I guess this blocks that then, adding to the pile.
but why? | - ones without SNI huh. If linkchecker is lacking SNI support than please add this to linkcheker. Once this is done, I can a versioned break to libssl. Otherwise I don't understand. | - ones with DH parameters too small | - ones using TLS 1.0 | - ones still using SHA1 for the signature (get.adobe.com) This is a limitation of the remote site. You can either get the remote site fix it (TLS1.0 in 2018, srsly?) or override the default openssl policy (please consider this as the last resort). > A. Sebastian
