On Thu, 26 Oct 2017 09:57:06 +0200 Raphael Hertzog wrote:
> Hello Kurt,
>
> On Fri, 22 Sep 2017, Kurt Roeckx wrote:
> > I have to admit that I didn't consider derivatives that take a
> > snapshot of testing, and we also seem to have a large amount of
> > people that do use testing. My intention was to target the more
> > advanced users, and having it in testing might be affecting more
> > people than I thought.
> >
> > So I am considering to only disable it in unstable and not in
> > testing.
>
> Any progress on this?
>
> Cheers,
> --
> R aphaël Hertzog ◈ Debian Developer
>
> Support Debian LTS: https://www.freexian.com/services/debian-lts.html
> Learn to master Debian: https://debian-handbook.info/get/
>
>
For now it seems that OpenSSL 1.1.0f-3+deb9u2 available in
stretch/security force TLS 1.2 only in https when using Apache (whatever
SSLProtocol Directive specify).
Is there any way to allow TLS 1 and TLS 1.1 with apache in stable ?
Thanks a lot
--
*Philippe Metzger*
+33 6 12 90 60 97 / +33 1 82 28 56 95
