Your message dated Mon, 29 Oct 2018 00:09:57 +0000 with message-id <e1ggv82-000cly...@fasolo.debian.org> and subject line Bug#875423: fixed in openssl 1.1.1-2 has caused the Debian Bug report #875423, regarding openssl: Please re-enable TLS 1.0 and TLS 1.1 (at least in testing) to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 875423: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875423 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: openssl Version: 1.1.0f-5 Severity: serious Hello Kurt, I looked back at the debian-devel discussion and it seems to me that the majority of persons who expressed themselves (including Moritz Mühlenhoff of the Debian security team) believe that buster should ship with TLS 1.0 and TLS 1.1 enabled. Given this, I would like to request you to make sure that Debian testing has a version of openssl with TLS 1.0 and TLS 1.1 enabled. The rough consensus seems to be that it's ok for you to use Debian unstable as a test-bed for your experiment to disable TLS 1.0 and TLS 1.1. While that might not be practical to manage when you have to push an update to testing, it's a burden that you should accept since you believe that Debian experimental will not give enough exposure. Please do listen to your fellow developers. Thank you. Cheers, PS: I'm filing this because I would like to not have to fork OpenSSL for Kali. It's counter-productive to go too fast in deprecating old protocols. You will only get less users using the official Debian package with all the risks it involves. Or at least I would like a system-wide flag (in a configuration file?) to let me re-enable old protocols easily. -- System Information: Debian Release: buster/sid APT prefers oldoldstable APT policy: (500, 'oldoldstable'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.12.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -- no debconf information
--- End Message ---
--- Begin Message ---Source: openssl Source-Version: 1.1.1-2 We believe that the bug you reported is fixed in the latest version of openssl, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 875...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sebastian Andrzej Siewior <sebast...@breakpoint.cc> (supplier of updated openssl package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 28 Oct 2018 23:52:24 +0100 Source: openssl Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc Architecture: source Version: 1.1.1-2 Distribution: unstable Urgency: medium Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org> Changed-By: Sebastian Andrzej Siewior <sebast...@breakpoint.cc> Description: libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl-dev - Secure Sockets Layer toolkit - development files libssl-doc - Secure Sockets Layer toolkit - development documentation libssl1.1 - Secure Sockets Layer toolkit - shared libraries libssl1.1-udeb - ssl shared library - udeb (udeb) openssl - Secure Sockets Layer toolkit - cryptographic utility Closes: 875423 907631 910459 911389 912067 Changes: openssl (1.1.1-2) unstable; urgency=medium . [ Sebastian Andrzej Siewior ] * Add Breaks on isync (See: #906955) * Fix autopkgtest (Closes: #910459) . [ Kurt Roeckx ] * Add Breaks on python-imaplib2 (See: #907079) * Add news entry regarding default TLS version and security level (Closes: #875423, #907631, #911389, #912067). Checksums-Sha1: 370f2c56271d1c5921ada195bfaf09f6bd9f3b7e 2604 openssl_1.1.1-2.dsc 6dbb33fedf6ed9f1252a5a7095c9b884874977e1 83652 openssl_1.1.1-2.debian.tar.xz b43ed1e8312efd4b9fab2cf03426f67471e72932 6132 openssl_1.1.1-2_source.buildinfo Checksums-Sha256: 04fc6eda57fbf20b6341c846e99c2b5fea1ea8f681bc714bb59929c688d80a85 2604 openssl_1.1.1-2.dsc 41bb79d0b716aa93d18f6067d5a0aad9890abc09ddd6de893ea1ec6074ec597c 83652 openssl_1.1.1-2.debian.tar.xz cd735f1646ece28cebbe2f0efcff70b0eedeca8dc1783957fc1413a891e31b3e 6132 openssl_1.1.1-2_source.buildinfo Files: d0aa78dc70ad3917f5bc4ce69ccaa70e 2604 utils optional openssl_1.1.1-2.dsc 22b32e1a29a07abcadd4d0d32494c6f8 83652 utils optional openssl_1.1.1-2.debian.tar.xz 2f247508a54703cce0b613116a9f0e68 6132 utils optional openssl_1.1.1-2_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEZCVGlf/wqkRmzBnme5boFiqM9dEFAlvWQQAACgkQe5boFiqM 9dEasQ//X8uupZGXRcVRUVqmSKRXhu4mq/MXSAsbvBOWVmqAFHarxKJdyRrPViQK qH2zOvHr8AtAEXPJjvTcI9zN1vtcvw3TVpElqMyWabOfyxEiHRdUU0uEco7CiUla Li4nbJYg6MMPNGy0c+G7yOkYGwDxazONvt7rTZ5sO0zrnVSvK9eSPi5HgcQzpigm ZHdyTpbXU/K1bP3u9357Onw6q4DT3IGgzTfc1zK5W1pQaQSb4wxkZF1pyrPVHizm WNKhb5Q0lLeg0xh2x0G9SnxD5o2wIz2zmn7vgJ666PEwDeI+TRvLgrrIAvotuNJb H2m4x/M5fJVbaO6s0Ck8HIUV/0X7r6anMo4h7G2PC5Yhux7f8nMHBxcWkjvzM6JW n4aLXhfkOxp2Jj9TVOZ6rLtUD6tdDyFNGRAV0TOzediV+JntGFCMMMax0o4ACbm6 9OyXWnZLCTltzpPAdgb1WQ/vfwJKrCaAnRb5xjTPEkE9bln7b7zvhY3OTsXFBKKW 3owN/ieFMSJsMqn0kH8uR2kG/aWry4zuT7U/lH7CHxciILmC5WH8VdOuT0swWU+/ 3Q9iV+urKTvCvOYk8MhywRN1AToOoyh0m1B5FXVeRZWinA61ZGKuU6D1SleCPKLv i4WOTQVm7do9KFOckoBfQbGlLVqBXZcrDln6TVhgrhu9P241DCg= =vDtH -----END PGP SIGNATURE-----
--- End Message ---
