[Pkg-openldap-devel] Bug#462588: Same problem

Russ Allbery rra at debian.org
Mon Feb 4 01:29:47 UTC 2008


Steve Langasek <vorlon at debian.org> writes:

> I'm pretty sure I don't want to implement support for migrating the full set
> of OpenSSL cipher specs in shell. :P
>
> Do you think converting the above aliases would be good enough coverage?
> Or do we need to provide some upgrade handling for all the
> possibilities, and therefore we're doomed to add yet another debconf
> error message here?  In the latter case I'm probably not going to spend
> the effort on auto-migrating any of the values.

I would just comment out the cipher list directive completely on upgrade
and document the need to correct it manually if desired in NEWS.Debian.
The most common use of this directive is to restrict use of weak ciphers,
which GnuTLS doesn't support in the first place.

It is unfortunate that GnuTLS doesn't support the same general keywords as
OpenSSL, and it seems like that would be easy enough for GnuTLS to add.
Maybe a wishlist bug against GnuTLS is in order?

-- 
Russ Allbery (rra at debian.org)               <http://www.eyrie.org/~eagle/>
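
Added example, not part of the original message or of the Debian package's maintainer scripts: one way the upgrade step suggested above could comment out the cipher list directive. It assumes the directive is slapd.conf's TLSCipherSuite; the function names, the inserted comment text and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the package's own maintainer script.
# Assumption: the cipher list directive is slapd.conf's TLSCipherSuite.

# comment_out_cipher_suite FILE
# Comments out every TLSCipherSuite directive together with its continuation
# lines (slapd.conf treats a line starting with whitespace as a continuation).
# Returns 0 if the file was changed, 1 if nothing needed changing, 2 on error.
comment_out_cipher_suite() {
    conf=$1
    [ -f "$conf" ] || return 2
    tmp=$(mktemp) || return 2
    awk '
        in_directive && /^[ \t]/ { print "#" $0; next }
        { in_directive = 0 }
        tolower($0) ~ /^tlsciphersuite([ \t]|$)/ {
            print "# Disabled on upgrade (OpenSSL cipher syntax); see NEWS.Debian."
            print "#" $0
            in_directive = 1
            next
        }
        { print }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 2; }
    if cmp -s "$conf" "$tmp"; then
        rm -f "$tmp"
        return 1        # already commented out or never set: idempotent
    fi
    # Overwrite in place so the owner and mode of the config (which may hold
    # rootpw) are kept; mv would replace them with the temp file's.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# Constructed sample config, for demonstration only.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'TLSCertificateFile /etc/ldap/server.pem' \
        'TLSCipherSuite HIGH:MEDIUM:' '  !SSLv2' 'loglevel none' > "$d/slapd.conf"
    comment_out_cipher_suite "$d/slapd.conf"
    cat "$d/slapd.conf"
    rm -rf "$d"
}
```

Calling demo prints the sample config with the directive and its continuation line commented out and the other lines untouched.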
