[Haskell-cafe] heads-up: tls v2.0.0
Michael Peyton Jones
me at michaelpj.com
Fri Jan 19 23:13:32 UTC 2024
This can be a good use for a cabal flag. You can have a manual,
off-by-default flag that enables it. Then you don't need another package.
M
On Fri, 19 Jan 2024, 22:44 Jo Durchholz, <jo at durchholz.org> wrote:
> Thanks for the explanations; I now have a better understanding of the
> issues at hand, and I hope this has helped others as well.
>
> My personal take would be to move TLS 1.0/1 out into a separate library,
> say, tls-deprecated.
> One, this clearly marks the mechanism as something not to be used unless
> you really need it.
> Second, people who just use TLS will stick with the standard tls
> library, and won't get old TLS activated by some funny accident (such as
> misconfiguration); after all, code that isn't there can't be involved in
> some security shenanigans.
>
> Just my 2 cents, trying to reconcile legacy needs and security-by-design
> aspects as far as possible.
> I hope it helps somebody.
>
> Regards,
> Jo
> _______________________________________________
> Haskell-Cafe mailing list
> To (un)subscribe, modify options or view archives go to:
> http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
> Only members subscribed via the mailman list are allowed to post.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.haskell.org/pipermail/haskell-cafe/attachments/20240119/9575fec8/attachment.html>
More information about the Haskell-Cafe
mailing list