Bug#903747: marked as done (tracker.debian.org: tighten TLS settings)

Sun, 15 Jul 2018 06:54:30 -0700 

Your message dated Sun, 15 Jul 2018 15:51:46 +0200
with message-id <20180715135146.gc28...@home.ouaza.com>
and subject line Re: Bug#903747: tracker.debian.org: tighten TLS settings
has caused the Debian Bug report #903747,
regarding tracker.debian.org: tighten TLS settings
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
903747: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903747
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: tracker.debian.org
Severity: wishlist

According to ssllabs [1], tracker.debian.org still uses
TLS-1.0 and some weak ciphers.

It would be nice to tighten TLS settings using Mozilla SSL config
generator [2].

Thanks.

[1]: 
https://www.ssllabs.com/ssltest/analyze.html?d=tracker.debian.org&s=5.153.231.23&latest
[2]: https://mozilla.github.io/server-side-tls/ssl-config-generator/

-- 
Best wishes,
 Dmitry Smirnov.

---

Truth — Something somehow discreditable to someone.
        -- H. L. Mencken, 1949

Attachment: signature.asc
Description: This is a digitally signed message part.


--- End Message ---
--- Begin Message --- 
Hi,

On Sat, 14 Jul 2018, Dmitry Smirnov wrote:
> According to ssllabs [1], tracker.debian.org still uses
> TLS-1.0 and some weak ciphers.
> 
> It would be nice to tighten TLS settings using Mozilla SSL config
> generator [2].

The TLS settings are controlled by the Debian System Administrators in a
coherent way for all the .debian.org hosts. I don't have have control over
them.

They review the TLS settings regularly and they have opted for a
compromise that they are happy with. If you have specific issues
and are willing to discuss those, please get in touch with them directly.

https://dsa.debian.org/

But for now they consider that keeping TLS 1.0 is still useful.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/

--- End Message ---

Reply via email to