Re: Debian SHA-1 deprecation

2016-05-19 Thread Daniel Pocock
On 19/05/16 03:17, Paul Wise wrote: > On Wed, May 18, 2016 at 9:20 PM, Daniel Pocock wrote: > >> Can anybody comment on how Debian users will be impacted by SHA-1 >> deprecation? > > There is some info related to that in these two wiki pages: > > https://wiki.d

Debian SHA-1 deprecation

2016-05-18 Thread Daniel Pocock
Can anybody comment on how Debian users will be impacted by SHA-1 deprecation? In particular: - will libraries like OpenSSL and GnuTLS continue to support it in stretch and beyond? - will web servers like Apache support it in server certificates or certificate chains? - will web servers and o

Re: SSL 3.0 and older ciphers selected in applications

2014-12-09 Thread Daniel Pocock
On 08/12/14 21:28, Daniel Pocock wrote: > > > On 08/12/14 21:16, Kurt Roeckx wrote: >> On Mon, Dec 08, 2014 at 08:17:53PM +0100, Daniel Pocock wrote: >>> >>> If I understand your reply correctly, the version in Ubuntu and Fedora >>> will still ta

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 21:16, Kurt Roeckx wrote: > On Mon, Dec 08, 2014 at 08:17:53PM +0100, Daniel Pocock wrote: >> >> If I understand your reply correctly, the version in Ubuntu and Fedora >> will still talk TLS 1.0 with the version now waiting in jessie? > > Yes. >

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 20:06, Kurt Roeckx wrote: > On Mon, Dec 08, 2014 at 07:42:54PM +0100, Daniel Pocock wrote: >> >> Is it something that is going to happen with Ubuntu releases next year >> (e.g. April 2015)? >> >> If so, it means that the repro package in jessie wo

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 19:25, Kurt Roeckx wrote: > On Mon, Dec 08, 2014 at 07:22:33PM +0100, Daniel Pocock wrote: >> >> Will the TLSv1 method be removed in jessie or while jessie is still >> supported? > > This is something post jessie. > Is it something that is going to ha

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 18:58, Kurt Roeckx wrote: > On Mon, Dec 08, 2014 at 02:35:00PM +0100, Daniel Pocock wrote: >> >> I have no idea what technology is in use in the remote/client system. >> >> If my server socket is using TLSv1_method it is rejecting the connection >>

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 13:53, Kurt Roeckx wrote: > On Mon, Dec 08, 2014 at 01:20:39PM +0100, Daniel Pocock wrote: >>>> Just one other point: if somebody is trying to send the client hello >>>> using SSL v2 record layer but indicating support for TLS v1.0, should >>>> TL

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 12:36, Kurt Roeckx wrote: > On Mon, Dec 08, 2014 at 11:42:28AM +0100, Daniel Pocock wrote: >> On 08/12/14 11:12, Kurt Roeckx wrote: >>> On Mon, Dec 08, 2014 at 09:16:45AM +0100, Daniel Pocock wrote: >>>> Hi all, >>>> >>>

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 12:04, Thijs Kinkhorst wrote: > On Mon, December 8, 2014 11:17, Daniel Pocock wrote: >> In the library package (libresiprocate-1.9.deb) there is no default >> SSL/TLS mode. It uses whatever the project using the library selects. >> If some developer wants to ena

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 11:12, Kurt Roeckx wrote: > On Mon, Dec 08, 2014 at 09:16:45AM +0100, Daniel Pocock wrote: >> Hi all, >> >> I've made some changes to TLS code in reSIProcate >> >> - setting OpenSSL's SSL_OP_NO_SSLv3 by default when using SSLv23_method() >

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 10:48, Thijs Kinkhorst wrote: > Hi Daniel, > > On Mon, December 8, 2014 09:16, Daniel Pocock wrote: >> I've made some changes to TLS code in reSIProcate >> >> - setting OpenSSL's SSL_OP_NO_SSLv3 by default when using SSLv23_method() >> >>

Re: Bug#772487: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 10:20, Adam D. Barratt wrote: > On Mon, 2014-12-08 at 09:16 +0100, Daniel Pocock wrote: > [...] >> If it will help the release team, is there anybody from the security >> team who could review the changes in my debdiff? > Note that debian-security@lists.debian

SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
Hi all, I've made some changes to TLS code in reSIProcate - setting OpenSSL's SSL_OP_NO_SSLv3 by default when using SSLv23_method() - adding configuration options to override the options to SSL_CTX_set_options (as it is possible there will be some user with old VoIP hardware out there who wants