Hi, I think this problem is a little more serious. It basically means that:
1. We have to disable TLSv1.1/1.2 if we want to be interoperable with certain systems that are (sadly) still widely used. TLSv1.2 is a major new feature, disabling it is not what we want. 2. Since you can't always disable TLSv1.1/1.2 in every application, it means we sometimes have to disable TLS altogether, or where TLS is required, you just won't be able to connect. This means openssl in wheezy is sometimes unusable.
The discussion here[1] seems to be misguided. Of course it's nice for every app to expose openssl options in its config, but openssl is what is broken here.
As for blaming the remote side - GnuTLS apps in wheezy are able to talk to MS Exchange (same exact servers having this error with postfix) with no specific configuration changes, having TLSv1.2 still enabled (e.g. exim).
[1] http://web.archiveorange.com/archive/v/ATzXXOjuq9y3yWEltUyY Thanks, Gedalya -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
