• Bug#943415: apache2: Disable TLS 1.0 and 1.1 by default

    From Vincent Lefevre@21:1/5 to All on Thu Jul 17 01:30:01 2025
    Control: found -1 2.4.63-1
    Control: found -1 2.4.64-1
    Control: tags -1 security

    On 2023-11-15 13:32:32 +0100, David Prévot wrote:
    On Thu, Oct 24, 2019 at 05:50:50PM +0200, Kurt Roeckx wrote:
    I was expecting TLS 1.0 and 1.1 to be disabled

    Same here. Four years later, RFC 8996 (Deprecating TLS 1.0 and TLS 1.1)
    has been published and most clients have been updated, so could we
    please review the default SSLProtocol before Trixie gets released?

    I'm also wondering why they are still enabled by default...

    --
    Vincent Lefèvre <[email protected]> - Web: <https://www.vinc17.net/>
    100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
    Work: CR INRIA - computer arithmetic / Pascaline project (LIP, ENS-Lyon)

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Kurt Roeckx@21:1/5 to Vincent Lefevre on Thu Jul 17 21:40:01 2025
    On Thu, Jul 17, 2025 at 01:23:30AM +0200, Vincent Lefevre wrote:
    Control: found -1 2.4.63-1
    Control: found -1 2.4.64-1
    Control: tags -1 security

    On 2023-11-15 13:32:32 +0100, David Prévot wrote:
    On Thu, Oct 24, 2019 at 05:50:50PM +0200, Kurt Roeckx wrote:
    I was expecting TLS 1.0 and 1.1 to be disabled

    Same here. Four years later, RFC 8996 (Deprecating TLS 1.0 and TLS 1.1)
    has been published and most clients have been updated, so could we
    please review the default SSLProtocol before Trixie gets released?

    I'm also wondering why they are still enabled by default...

    Do you still see it enabled? As far as I know, OpenSSL now not
    only requires you to enable the protocol, but also lower the security
    level to 0 to be able to do TLS 1.0 and 1.1.


    Kurt
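
The exchange above turns on two separate layers: what mod_ssl's SSLProtocol directive enables, and whether an OpenSSL security level of 0 is also configured. The following Python is an added example, not part of the thread or of Debian's packaging; it evaluates both from an Apache configuration. The function names, the sample configuration and the expansion of "all" are assumptions, and it reads only the Apache configuration text it is given, not a system-wide openssl.cnf.

```python
# Added example: names, sample config and the "all" expansion are assumptions.
KNOWN = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3")
# "all" is build-dependent; assumed here: OpenSSL without SSLv3, with TLS 1.3.
ALL = {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
LEGACY = {"TLSv1", "TLSv1.1"}
CANON = {k.lower(): k for k in KNOWN}

def enabled_protocols(args):
    """Evaluate one SSLProtocol argument list, left to right.

    Each directive starts from an empty set; a bare name replaces the
    set, "+name" adds to it and "-name" removes from it.
    """
    current = set()
    for tok in args.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        if name.lower() == "all":
            names = set(ALL)
        elif name.lower() in CANON:
            names = {CANON[name.lower()]}
        else:
            raise ValueError(f"unknown SSLProtocol token: {tok!r}")
        if sign == "+":
            current |= names
        elif sign == "-":
            current -= names
        else:
            current = names
    return current

def audit(conf_text):
    """Return ([(line_no, args, legacy_protocols)], seclevel0_seen)."""
    findings, seclevel0 = [], False
    for n, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # Apache comments start the line
            continue
        parts = line.split(None, 1)
        directive, args = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if directive == "sslprotocol":
            findings.append((n, args, sorted(enabled_protocols(args) & LEGACY)))
        elif directive == "sslciphersuite" and "@seclevel=0" in args.lower():
            seclevel0 = True  # the lowered level mentioned in the reply above
    return findings, seclevel0

# Constructed sample configuration, not taken from any package.
SAMPLE = """# constructed sample
<VirtualHost *:443>
    SSLEngine on
    SSLProtocol all -SSLv3
    SSLCipherSuite HIGH:!aNULL
</VirtualHost>
<VirtualHost *:8443>
    SSLProtocol -all +TLSv1.2 +TLSv1.3
</VirtualHost>
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```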
