Le 12.11.2014 13:31, Thijs Kinkhorst a écrit :
On Wed, November 12, 2014 12:55, Marco d'Itri wrote:
Can I merge this for jessie?
I'd strongly prefer if we could indeed merge this for jessie.
Please use r9745 in SVN:
https://inn.eyrie.org/trac/changeset/9745
(The name of the tlsprefer_server_ciphers keyword is different in
upstream,
where it is tlspreferserverciphers, without any underscore, like all
other
inn.conf parameters.)
You can change the default values if you want (for instance removing
SSLv2
and SSLv3 from the allowed ciphers).
+=item I<tlsprotocols>
+
+The list of TLS protocol versions to support. Valid protocols are
+B<SSLv2>, B<SSLv3>, B<TLSv1>, B<TLSv1.1> and B<TLSv1.2>. The default
+value is B<[ SSLv3 TLSv1 TLSv1.1 TLSv1.2 ]>.
Can you remove SSLv3 from the default list?
You could consider to leave out SSLv2 from the possibilities.
+=item I<tlscompression>
+
+Whether to enable or disable TLS compression support (boolean). The
+default is true.
Can we default this to false?
FYI, we keep backwards compatibility in the INN 2.5 upstream branch.
Changes scheduled in 2.6 are:
- SSL/TLS compression is now disabled by default;
- the server decides the preferred cipher;
- only TLS protocols are allowed (using the flawed SSLv2 and SSLv3
protocols is now disabled).
--
Julien ÉLIE
--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive:
https://lists.debian.org/4b30603e6f69f8c2df017c9189ce4...@trigofacile.com
