I find that a futile goal as it goes against the consistency and minimization of attack surface goal that these policies are based on. Eventually these protocols will completely be removed from the OS libraries. It would be better to focus on giving good instructions to the user and warnings that these protocols will not be available for long, to help towards a transition to the newer generation of protocols rather than focus on keeping the old beasts alive.
regards,
Nikos

________________________________________
From: Dimitri Papadopoulos <dimitri.papadopou...@cea.fr>
Sent: Thursday, March 17, 2022 10:30
To: Nikos Mavrogiannopoulos; Daniel Lenski; David Woodhouse
Cc: Eveno, Manuel; openconnect-devel
Subject: Re: Trying to build openconnect 8.20 on ubuntu 20

One could re-enable TLS < 1.2, but it's always the same story: I don't want to do that for a whole system, just for specific (client) software.

Dimitri

On 16/03/2022 at 18:20, Nikos Mavrogiannopoulos wrote:
> Note that Ubuntu disables TLS versions < 1.2. It is possible to re-enable
> them via configuration changes as in:
> https://wiki.ubuntu.com/Security/Features#disable-legacy-tls
>
> regards,
> Nikos

_______________________________________________
openconnect-devel mailing list
openconnect-devel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/openconnect-devel