This can be a good use for a cabal flag. You can have a manual, off-by-default flag that enables it. Then you don't need another package.

M

On Fri, 19 Jan 2024, 22:44 Jo Durchholz, <jo@durchholz.org> wrote:
Thanks for the explanations; I now have a better understanding of the
issues at hand, and I hope this has helped others as well.

My personal take would be to move TLS 1.0/1 out into a separate library,
say, tls-deprecated.
One, this clearly marks the mechanism as something not to be used unless
you really need it.
Second, people who just use TLS will stick with the standard tls
library, and won't get old TLS activated by some funny accident (such as
misconfiguration); after all, code that isn't there can't be involved in
some security shenanigans.

Just my 2 cents, trying to reconcile legacy needs and security-by-design
aspects as far as possible.
I hope it helps somebody.

Regards,
Jo
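
The manual, off-by-default flag suggested in the reply at the top of this thread could look like the package description below. This is an added example, not code from the tls library or from either poster; the package name `example-tls`, the flag name `legacy-tls-versions`, the module names and the CPP macro are all hypothetical.

```cabal
cabal-version:      2.4
-- Hypothetical package, used only to illustrate the flag mechanism.
name:               example-tls
version:            0.1.0.0
build-type:         Simple

flag legacy-tls-versions
  description: Compile in support for TLS 1.0 and TLS 1.1
  -- Off unless someone asks for it.
  default:     False
  -- manual: True stops the dependency solver from flipping the flag on
  -- its own while searching for a build plan; only an explicit request
  -- from the person building can turn it on.
  manual:      True

library
  hs-source-dirs:   src
  default-language: Haskell2010
  build-depends:    base >=4 && <5
  exposed-modules:  Network.ExampleTLS

  if flag(legacy-tls-versions)
    -- The legacy code is only compiled when the flag is set, so a default
    -- build contains no TLS 1.0/1.1 code paths at all. Modules that test
    -- the macro need {-# LANGUAGE CPP #-}.
    cpp-options:    -DLEGACY_TLS_VERSIONS
    other-modules:  Network.ExampleTLS.Legacy

-- Opting in when example-tls is a dependency, in the consuming project's
-- cabal.project file:
--
--   package example-tls
--     flags: +legacy-tls-versions
--
-- Opting in when building example-tls itself:
--
--   cabal build --flags="+legacy-tls-versions"
```

Because the opt-in lives in `cabal.project` or on the command line, a code review or a `grep` for the flag name shows every build that has the old protocol versions compiled in.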
_______________________________________________
Haskell-Cafe mailing list