On 03/04/2015 05:40 PM, Kurt Roeckx wrote:
> On Wed, Mar 04, 2015 at 10:16:31AM +0200, Török Edwin wrote:
>> On 03/04/2015 07:10 AM, Kurt Roeckx wrote:
>>> On Tue, Mar 03, 2015 at 10:45:41PM +0200, Török Edwin wrote:
can you consider disabling the export suites in OpenSSL like LibreSSL did,
>
On Wed, Mar 04, 2015 at 10:16:31AM +0200, Török Edwin wrote:
> On 03/04/2015 07:10 AM, Kurt Roeckx wrote:
> > On Tue, Mar 03, 2015 at 10:45:41PM +0200, Török Edwin wrote:
> >> can you consider disabling the export suites in OpenSSL like LibreSSL did,
> >> and
> >> like you've done for SSLv3?
> >
On 03/04/2015 07:10 AM, Kurt Roeckx wrote:
> On Tue, Mar 03, 2015 at 10:45:41PM +0200, Török Edwin wrote:
>> can you consider disabling the export suites in OpenSSL like LibreSSL did,
>> and
>> like you've done for SSLv3?
>
> I do want to remove the export ciphers from the DEFAULT cipher
> string
On Tue, Mar 03, 2015 at 10:45:41PM +0200, Török Edwin wrote:
> can you consider disabling the export suites in OpenSSL like LibreSSL did, and
> like you've done for SSLv3?
I do want to remove the export ciphers from the DEFAULT cipher
string in all released branches. I have patches upstream to do
Package: libssl1.0.0
Version: 1.0.1k-1
Severity: normal
Dear Maintainer,
CVE-2015-0204 [1] happened because OpenSSL still had code supporting export
cipher suites.
LibreSSL has disabled the use of export cipher suites [2] and all the code
relating to use of export RSA [3]
Although I'd much rathe
5 matches
Mail list logo
