On Tue, 6 Aug 2024 05:02:14 -0400, Neil Horman <nhor...@openssl.org> wrote:
> 1) Are distributions/users comfortable with this approach in the time
> frame proposed?

As a user, this is acceptable for me, but I know there are still machines outside that only offer such old versions. Some of them can't be upgraded easily because the vendor doesn't provide any new versions.

> 3) If the deprecated protocols are re-enabled, what would constitute a
> reasonable warning mechanism to inform users that these protocols are
> going away at some point in the future to pressure users to update to
> a newer, more secure protocol?

Is it reasonable to output that on STDERR any time those protocols are used? Maybe log to syslog?