Bug#865649: cups HTTPS issues -- Lack of SHA-2 certificate, weak TLSv1.0 crypto

Le samedi, 26 août 2017, 15.47:20 h CEST Didier Raboud a écrit : > > * Generate SHA-2 signed certificates by default. This will lessenthe > > additional browser warnings. > > The CUPS server certificates are setup to be ssl-cert's (see symlinking code > in cups-daemon.postinst, so that's a good

Bug#865649: cups HTTPS issues -- Lack of SHA-2 certificate, weak TLSv1.0 crypto

Control: tags -1 +upstream Control: forwarded -1 https://github.com/apple/cups/issues/5037 Control: tags -1 +wontfix # Not going to be a Debian-specific patch Le vendredi, 23 juin 2017, 09.42:33 h CEST of@protonmail.com a écrit : > * SHA-1 is officially deprecated for HTTPS certificates, but

Bug#865649: cups HTTPS issues -- Lack of SHA-2 certificate, weak TLSv1.0 crypto)

Was TLSv.1.0 already disabled back in July 2015 and this is a regression or is it time now to disable it permanently and completely in the default config? See below a prior changelog. cups (2.1~b1-1) * New 2.1~b1 release disable TLS/1.0 support. -- Didier Raboud Thu, 09 Jul

Bug#865649: cups HTTPS issues -- Lack of SHA-2 certificate, weak TLSv1.0 crypto

Package: cups Version: 2.2.1-8 * SHA-1 is officially deprecated for HTTPS certificates, but is still used for cups certificate generation. * TLSv1.0 is enabled for cups, but TLSv1.0 with CBC / SHA-1 is potentially vulnerable to BEAST attacks. I suggest two resolutions to correct this, even