On Fri, Feb 20, 2015 at 06:10:59PM +0100, Florian Schlichting wrote: > Hi Kurt, > > > > To protect our users and comply with adopted Internet standards, openssl > > > in Debian should no longer include RC4 ciphers in the DEFAULT list of > > > ciphers, neither in Jessie nor supported stable / oldstable releases. > > > > I fully support that RFC. However I don't think it's a good idea > > to remove it from DEFAULT in jessie. Reasons not to are: > > - Many servers only support RC4 so clients still need to support > > RC4 to be able to talk to them. Hopefully this RFC will change > > that. > > What servers, and what clients are we talking about here?
You might want to look at those stats: https://lists.fedoraproject.org/pipermail/security/2015-February/002069.html Kurt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
