Hi List,
Does anyone know why the above URL is still using TLS V1.0?
I can't connect to it unless I enable TLS V1.0 which I was under the impression that it should not be used anymore.
Thanks for any enlightenment.
Steve
Stop paranoia? TLSv1.0 is not recommended when storing credit card data.
Eero
> Hi List,
> Does anyone know why the above URL is still using TLS V1.0?
> I can't connect to it unless I enable TLS V1.0 which I was under the impression that it should not be used anymore.
> Thanks for any enlightenment.
> Steve
On Fri, 25 Mar 2016 16:50, Eero Volotinen wrote:
> Stop paranoia? TLSv1.0 is not recommended when storing credit card data.
> Eero
>> Hi List,
>> Does anyone know why the above URL is still using TLS V1.0?
>> I can't connect to it unless I enable TLS V1.0 which I was under the impression that it should not be used anymore.
>> Thanks for any enlightenment.
>> Steve
@Eero: IMHO you are missing some points here. There are more and more browsers that are unable to use SSL{2,3} as well as TLS1.0, not just disabled via config, but this decision was made at compile time. Newer Android and Apple-iOS devices for example.
And the point is not that the site supports TLS1.0, but that it does not support TLS1.1 and/or TLS 1.2, and as such is inaccessible to devices that ask for TLS1.1 as minimum for HTTPS.
But that is for the admins/webmasters of the servers to resolve.
- Yamaban
> @Eero: IMHO you are missing some points here. There are more and more browsers that are unable to use SSL{2,3} as well as TLS1.0, not just disabled via config, but this decision was made at compile time. Newer Android and Apple-iOS devices for example.
This is not true. It works fine with latest Android and iOS. I just tested it.
> And the point is not that the site supports TLS1.0, but that it does not support TLS1.1 and/or TLS 1.2, and as such is inaccessible to devices that ask for TLS1.1 as minimum for HTTPS.
> But that is for the admins/webmasters of the servers to resolve.
Many sites are still using CentOS 5 and clones and cannot support TLS 1.2 and TLS 1.1 without upgrade.
-- Eero
On 25.03.2016 17:29, Eero Volotinen wrote:
>> @Eero: IMHO you are missing some points here. There are more and more browsers that are unable to use SSL{2,3} as well as TLS1.0, not just disabled via config, but this decision was made at compile time. Newer Android and Apple-iOS devices for example.
> This is not true. It works fine with latest Android and iOS. I just tested it.
The latest version of Android is Marshmallow and currently is only installed on 2.3% of the devices out there: http://developer.android.com/about/dashboards/index.html
You cannot just support the latest version of a client if your site is accessed by regular users out there.
>> And the point is not that the site supports TLS1.0, but that it does not support TLS1.1 and/or TLS 1.2, and as such is inaccessible to devices that ask for TLS1.1 as minimum for HTTPS.
>> But that is for the admins/webmasters of the servers to resolve.
> Many sites are still using CentOS 5 and clones and cannot support TLS 1.2 and TLS 1.1 without upgrade.
Then they might be forced to upgrade to a newer CentOS version. If you only run your personal blog then you can of course do whatever you want, but if you run a commercial site then the OS you can run depends on what the clients support and not the other way around.
Regards, Dennis
Actually that isn't true either. Just install a newer version of Firefox or Chrome or whatever... then you are independent of the operating system in many cases.
On 3/26/2016 9:00 AM, Dennis Jacobfeuerborn wrote:
> On 25.03.2016 17:29, Eero Volotinen wrote:
>>> @Eero: IMHO you are missing some points here. There are more and more browsers that are unable to use SSL{2,3} as well as TLS1.0, not just disabled via config, but this decision was made at compile time. Newer Android and Apple-iOS devices for example.
>> This is not true. It works fine with latest Android and iOS. I just tested it.
> The latest version of Android is Marshmallow and currently is only installed on 2.3% of the devices out there: http://developer.android.com/about/dashboards/index.html
> You cannot just support the latest version of a client if your site is accessed by regular users out there.
>>> And the point is not that the site supports TLS1.0, but that it does not support TLS1.1 and/or TLS 1.2, and as such is inaccessible to devices that ask for TLS1.1 as minimum for HTTPS.
>>> But that is for the admins/webmasters of the servers to resolve.
>> Many sites are still using CentOS 5 and clones and cannot support TLS 1.2 and TLS 1.1 without upgrade.
> Then they might be forced to upgrade to a newer CentOS version. If you only run your personal blog then you can of course do whatever you want, but if you run a commercial site then the OS you can run depends on what the clients support and not the other way around.
> Regards, Dennis
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
On 03/25/2016 08:08 AM, Steve Clark wrote:
> Hi List,
> Does anyone know why the above URL is still using TLS V1.0?
> I can't connect to it unless I enable TLS V1.0 which I was under the impression that it should not be used anymore.
> Thanks for any enlightenment.
> Steve
TLS 1.0 is still safe but the server should upgrade to allow TLS 1.2.
For my more sensitive servers I only allow TLS 1.2 because every modern browser supports it, so there isn't a justification for still allowing TLS 1.0 as it is always possible there is a zero-day.
On 25/03/16 16:08, Steve Clark wrote:
> Hi List,
> Does anyone know why the above URL is still using TLS V1.0?
> I can't connect to it unless I enable TLS V1.0 which I was under the impression that it should not be used anymore.
> Thanks for any enlightenment.
> Steve
Something that is already on the TODO list, as that's actually the only remaining CentOS 5 node, reason why it doesn't support something higher than TLS 1.0. The whole setup will be reinstalled/migrated to c7 in the following weeks (time permitting).
On 29/03/16 18:09, Fabian Arrotin wrote:
> On 25/03/16 16:08, Steve Clark wrote:
>> Hi List,
>> Does anyone know why the above URL is still using TLS V1.0?
>> I can't connect to it unless I enable TLS V1.0 which I was under the impression that it should not be used anymore.
>> Thanks for any enlightenment.
>> Steve
> Something that is already on the TODO list, as that's actually the only remaining CentOS 5 node, reason why it doesn't support something higher than TLS 1.0. The whole setup will be reinstalled/migrated to c7 in the following weeks (time permitting).
Just to close that thread: migration of the website/forums was announced and scheduled for today, and it went live earlier today. So now you should be able to use TLSv1.2.
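
Added example, not part of any poster's message: a way to check which TLS versions a server accepts, and whether a client with a given minimum version (the case raised earlier in the thread) could connect at all. The function names and the host www.example.org are placeholders chosen for this example.

```python
import socket
import ssl
import warnings

# Protocol versions to probe, oldest first.
VERSIONS = [
    ("TLSv1.0", ssl.TLSVersion.TLSv1),
    ("TLSv1.1", ssl.TLSVersion.TLSv1_1),
    ("TLSv1.2", ssl.TLSVersion.TLSv1_2),
    ("TLSv1.3", ssl.TLSVersion.TLSv1_3),
]

def probe(host, port=443, timeout=5.0):
    """Try one handshake per protocol version; return {name: accepted?}."""
    accepted = {}
    for name, version in VERSIONS:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        # Only protocol support is being tested, so certificate checks are off.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        try:
            with warnings.catch_warnings():
                warnings.simplefilter("ignore", DeprecationWarning)
                # Recent OpenSSL builds refuse TLS 1.0/1.1 at the default
                # security level; lower it for this diagnostic client only.
                ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
                # Pin both ends of the range so exactly one version is offered.
                ctx.minimum_version = version
                ctx.maximum_version = version
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    accepted[name] = tls.version() is not None
        except (OSError, ValueError):
            # Handshake refused, connection failed, or version not built in.
            accepted[name] = False
    return accepted

def reachable_with_floor(accepted, floor):
    """Can a client whose minimum version is `floor` connect at all?"""
    names = [name for name, _ in VERSIONS]
    return any(accepted.get(n, False) for n in names[names.index(floor):])

if __name__ == "__main__":
    result = probe("www.example.org")  # placeholder host
    for name, ok in result.items():
        print(f"{name}: {'accepted' if ok else 'not negotiated'}")
    print("Reachable with a TLSv1.1 floor:", reachable_with_floor(result, "TLSv1.1"))
```

A "not negotiated" result can also come from the local TLS library having the old version compiled out, so confirm with a second client before concluding the server refuses it.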