This can be a good use for a cabal flag. You can have a manual,
off-by-default flag that enables it. Then you don't need another package.
M
On Fri, 19 Jan 2024, 22:44 Jo Durchholz,
Thanks for the explanations; I now have a better understanding of the issues at hand, and I hope this has helped others as well.
My personal take would be to move TLS 1.0/1 out into a separate library, say, tls-deprecated. One, this clearly marks the mechanism as something not to be used unless you really need it. Second, people who just use TLS will stick with the standard tls library, and won't get old TLS activated by some funny accident (such as misconfiguration); after all, code that isn't there can't be involved in some security shenanigans.
Just my 2 cents, trying to reconcile legacy needs and security-by-design aspects as far as possible. I hope it helps somebody.
Regards, Jo _______________________________________________ Haskell-Cafe mailing list To (un)subscribe, modify options or view archives go to: http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe Only members subscribed via the mailman list are allowed to post.