On 5 August 2017 23:31:33 CEST, Kurt Roeckx <k...@roeckx.be> wrote: >I planned to break things by disabling TLS 1.0 and 1.1, which I >might upload soon. I guess I can fix that at the same time.
Do you intend a transition like we had for SSLv2 removal or do you plan just to disable it? I remember a few packages using TLSv functions instead of SSLv23 which is what should be used (and those will end up with nothing). Removing TLS1.0 and TLS1.1 sounds early but given that we aim Buster it looks alright. My web server serves 1.2 only which only rejects a few bots of questionable origin. My email server logs a few 1.0 legitimate connections but that's how it is. They usually fallback to plain connection. Shouldn't we announce it on D-D-A? > >Kurt Sebastian
