On 5 August 2017 23:31:33 CEST, Kurt Roeckx <k...@roeckx.be> wrote:

>I planned to break things by disabling TLS 1.0 and 1.1, which I
>might upload soon. I guess I can fix that at the same time.

Do you intend a transition like we had for SSLv2 removal or do you plan just to 
disable it? I remember a few packages using TLSv functions instead of SSLv23 
which is what should be used (and those will end up with nothing).

Removing TLS1.0 and TLS1.1 sounds early but given that we aim Buster it looks 
alright. My web server serves 1.2 only which only rejects a few bots of 
questionable origin. My email server logs a few 1.0 legitimate connections but 
that's how it is. They usually fallback to plain connection. Shouldn't we 
announce it on D-D-A?


Reply via email to