Hi,
I think a separate openssl-insecure package with an (possibly statically
linked) "/usr/bin/openssl-insecure" binary should be safe enough that
people don't "accidentally" use it.
If you would want to really make sure it isn't abused you'd put it
somewhere in /usr/lib/openssl-insecure/.
Hmmm,... the problem if one really makes a openssl-insecure package is,
that in the end someone might even accidentally use that in some
production area.
Perhaps one can rule that out by adding e.g. a special command argument
that is required or the openssl-insecure would immediately exit with an
Package: testssl.sh
Version: 2.6+dfsg1-2
Severity: wishlist
Debian's standard openssl installation does not provide every
(mis)feature. This results in some things not being testable by
testssl.sh. Example snippet:
56 Bit encryptionLocal problem: No 56 Bit encryption configured in
3 matches
Mail list logo
