The defaults seen in this configuration page come from the underlying Java package. While I agree that TLS 1.1/1.2 should be enabled (and SSL3 disabled), my personal opinion is that the system's Java package should come with these defaults.
If we opt to override this by default, we shouldn't limit it to SIP, which creates a whole lot of required changes (but unrelated to Debian of course). Ingo -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org