Bug#735852:

[Ingo Bauersachs]

The defaults seen in this configuration page come from the underlying Java
package. While I agree that TLS 1.1/1.2 should be enabled (and SSL3
disabled), my personal opinion is that the system's Java package should come
with these defaults.

If we opt to override this by default, we shouldn't limit it to SIP, which
creates a whole lot of required changes (but unrelated to Debian of course).

Ingo


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#735852: jitsi: TLS 1.1/1.2 disabled by default

[Kurt Roeckx]

Package: jitsi
Version: 2.4.4997-1

Hi,

When looking at options->advanced->SIP I see that TLS 1.0 is the
only protocol that is enabled and that 1.1 and 1.2 are disabled.
This default doesn't make any sense to me, and you really should
enable TLS 1.2 by default.

I'm not sure what the reason for disabling it is.  Are you worried
about sites that are intolerant to it?  Are you really seeing this
as a problem?  Maybe you should then have some fall back
mechanism?

I might have changed something in that dialog box before, I'm not
sure, but I would clearly not disable 1.1 or 1.2, but I don't
remember changing anything.  I think the options are new so this
might be an upgrade issue?



Kurt


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org