Dear Moritz, Am Mittwoch, den 05.11.2014, 17:12 +0100 schrieb Moritz Muehlenhoff: > On Wed, Nov 05, 2014 at 05:07:15PM +0100, Joachim Breitner wrote: > > Am Mittwoch, den 05.11.2014, 16:45 +0100 schrieb Moritz Muehlenhoff: > > > Package: haskell-tls > > > Severity: important > > > Tags: security > > > > > > Hi, > > > openssl disabled SSLv3 for jessie since 1.0.1j-1. Shall we do the same > > > for haskell-tls? > > > > good question. Probably yes. Did openssl disable SSLv3 completely, or > > did it just removed it from the default list of accepted settings? > > openssl disabled it entirely; it features a dedicated build flag for it > (no-ssl3).
Ok, I think we can easily follow suit here. Removing code is always simple :-) > Could you approach haskell-tls upstream for their recommendation to disable > it? Vincent, did you consider this issue already? Greetings, Joachim -- Joachim "nomeata" Breitner Debian Developer nome...@debian.org | ICQ# 74513189 | GPG-Keyid: F0FBF51F JID: nome...@joachim-breitner.de | http://people.debian.org/~nomeata
signature.asc
Description: This is a digitally signed message part