OpenSSL disables TLS 1.0 and 1.1

To: debian-devel-announce@lists.debian.org

Subject: OpenSSL disables TLS 1.0 and 1.1

From: Kurt Roeckx <kurt@roeckx.be>

Date: Mon, 7 Aug 2017 03:42:39 +0200

Message-id: <[🔎] 20170807014238.mf64rdvgpdkpaiwa@roeckx.be>

Mail-followup-to: debian-devel@lists.debian.org

Hi, I've just uploaded a version of OpenSSL to unstable that disables the TLS 1.0 and 1.1 protocol. This currently leaves TLS 1.2 as the only supported SSL/TLS protocol version. This will likely break certain things that for whatever reason still don't support TLS 1.2. I strongly suggest that if it's not supported that you add support for it, or get the other side to add support for it. OpenSSL made a release 5 years ago that supported TLS 1.2. The current support of the server side seems to be around 90%. I hope that by the time Buster releases the support for TLS 1.2 will be high enough that I don't need to enable them again. Kurt