I can maybe take a stab at backporting to 0.206, as it's on my radar to do anyways.
Note this though: I don't think we should outright disable SSLv3 in a stable release. There is a code commit in the pull requests queue waiting for inclusion that allows the specification of SSLv3 being disabled - this in turn would allow 0.206 users to disable SSLv3 if they wish and not change a default that would maybe cause undesired confusion and results. Downstream in Ubuntu, the Security Team will not include the SSLv3-disabled-always changes, but may consider the pending "Configure disabling of protocols" commits.

------
Thomas