Package: slrn
Version: 1.0.3+dfsg-1
Severity: normal
Dear Maintainer,
I noticed that slrn only uses TLSv1.0 when connecting over SSL:
8 0.003899 2001:db8::119 2001:db8::119 48650 563 TLSv1 188
Client Hello
Frame 8: 188 bytes on wire (1504 bits), 188 bytes captured (1504 bits)
Ethernet II, Src: 00:00:00:00:00:00, Dst: 00:00:00:00:00:00
Internet Protocol Version 6, Src: 2001:db8::119, Dst: 2001:db8::119
Transmission Control Protocol, Src Port: 48650 (48650), Dst Port: nntps (563),
Seq: 1, Ack: 1, Len: 102
Secure Sockets Layer
TLSv1 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 97
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 93
Version: TLS 1.0 (0x0301)
Random
Session ID Length: 0
Cipher Suites Length: 30
Cipher Suites (15 suites)
Compression Methods Length: 1
Compression Methods (1 method)
Extensions Length: 22
Extension: Extended Master Secret
Extension: status_request
Extension: renegotiation_info
Extension: SessionTicket TLS
Newer OpenSSL Packages disables TLSv1.0 and TLSv1.1 [1], which breaks slrn's
SSL Connections now.
[1]: https://lists.debian.org/debian-devel-announce/2017/08/msg00004.html
-- System Information:
Debian Release: 9.1
APT prefers proposed-updates
APT policy: (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages slrn depends on:
ii debconf [debconf-2.0] 1.5.61
ii libc6 2.24-11+deb9u1
ii libcanlock2 2b-8
ii libgnutls-openssl27 3.5.8-5+deb9u3
ii libgnutls30 3.5.8-5+deb9u3
ii libslang2 2.3.1-5
ii libuu0 0.5.20-9
slrn recommends no packages.
Versions of packages slrn suggests:
pn slrnpull <none>
-- debconf information excluded
