On Sun, Oct 30, 2016 at 10:40:42PM +0100, Kurt Roeckx wrote: > On Sun, Oct 30, 2016 at 11:35:23PM +0200, Adrian Bunk wrote: > > I am raising this to RC severity since 1.0.2 will likely still be > > shipped in stretch, and removing ciphers from the 1.0.2 defaults > > that were already removed from the 1.1.0 defaults should clearly > > be done for stretch. > I did plan on disabling 3DES and RC4 in 1.0.2 for stretch.
Did this happen? This bug is now applying to the openssl1.0 as a RC bug. Kind regards Philipp Kern