The libanyevent-perl version 7.140-3 included a fix for this.
It migrated to the then still testing (buster was not yet released)
on 07.04.2019, and so we can safely revert this workaround again
here.
Albeit this was fixed since Buster was officially released, still
bump the version dependency to libanyevent-perl in debian/control.
A future libanyevent-perl will use "ffdhe3072" for DH; another good
reason to revert this, to not keep hardcoded parameters with possible
(future) security implications here.
[0]: https://tracker.debian.org/news/
1037514/libanyevent-perl-7140-3-migrated-to-testing/
This reverts commit
ea574439f76bb3914b8b8c0be8e40ee826c95afc.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
sslv2 => 0,
sslv3 => 0,
verify => 1,
- # be compatible with openssl 1.1, fix for debian bug #923615
- # remove once libanyeven-perl with this fix transitions to buster
- dh => 'schmorp2048',
verify_cb => sub {
my (undef, undef, undef, $depth, undef, undef, $cert) = @_;
# we don't care about intermediate or root certificates
Package: libpve-http-server-perl
Architecture: all
Depends: libanyevent-http-perl,
- libanyevent-perl,
+ libanyevent-perl (>= 7.140-3),
libcrypt-ssleay-perl,
libhtml-parser-perl,
libhttp-date-perl,