Hi Joachim, > > openssl disabled it entirely; it features a dedicated build flag for it > > (no-ssl3). > > Ok, I think we can easily follow suit here. Removing code is always > simple :-) > > > Could you approach haskell-tls upstream for their recommendation to > > disable it? > > Vincent, did you consider this issue already?
Upstream has removed SSLv3 from the default cipher list: https://github.com/vincenthz/hs-tls/commit/5353bd2f717a31fd63c2a5d67112d8d8279bd1e6 Can you at least make an upload to sid that incorporates this patch so we can get it into jessie? Disabling it entirely is then of course still an option but removing it from the defaults list is already a big win. Cheers, Thijs -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org