I can maybe take a stab at backporting to 0.206, as it's on my radar
to do anyways.

Note this though: I don't think we should outright disable SSLv3 in a
stable release.  There is a code commit in the pull requests queue
waiting for inclusion that allows the specification of SSLv3 being
disabled - this in turn would allow 0.206 users to disable SSLv3 if
they wish and not change a default that would maybe cause undesired
confusion and results.  Downstream in Ubuntu, the Security Team will
not include the SSLv3-disabled-always changes, but may consider the
pending "Configure disabling of protocols" commits.

------
Thomas

