[Secure-testing-team] Bug#769904: gnutls28: please disable SSLv3
Thijs Kinkhorst
thijs at debian.org
Mon Nov 17 14:28:02 UTC 2014
Package: gnutls28
Version: 3.3.8-4
Severity: important
Tags: security
Hi,
Can SSLv3 be disabled in our GnuTLS build please?
As a reference, OpenSSL disabled this in jessie and sid:
https://packages.qa.debian.org/o/openssl/news/20141015T180434Z.html
It would be good for security and consistency if GnuTLS would also adopt this
approach and disable the legacy protocol in jessie and sid.
Cheers,
Thijs
More information about the Secure-testing-team
mailing list