On 27/06/2025 07:30, Phil via Info wrote:
> Hi,
>
> thanks for your great work!
>
> But… disabling starttls by default, without deprecating it before, is a
> breaking change. Is a version increment at patch level (speaking of
> semantic versioning) really the right place for that?

I see another problem with allowstarttls (and its default) at least on 3.8.6. Since I'm not sure if I got it right, I wanted to discuss it here first before filing a bug.

In my/any murder world the frontends proxy all connections by connecting to the non-TLS ports and upgrading them by using STARTTLS/UPGRADE. There is no option to force a proxy to use implicit TLS (correct me if I'm wrong here!).

The patches for allowstarttls now practically disable proxying if a backend forces the use of TLS (e.g. for AUTH) and allowstarttls is off ... immediately breaking a murder cluster with defaults set to false.

Disabling STARTTLS for the "outer world" only seems impossible either in case of murder.

Greetings, Wolfgang
-- 
Wolfgang Breyha <[email protected]> | https://www.blafasel.at/
Vienna University Computer Center | Austria
