On 14/01/17 16:20, Ryan Nix wrote: > Are we allowed to set our mirrors with ssl enabled? I think Let's Encrypt is one of the greatest technologies ever so I used their Certbot tool to enable ssl on our mirror. > Hi, Having TLS on even mirror.centos.org was evaluated, but because we still have CentOS 5 yum clients, we decided to wait until it disappears (soon). Starting from 6, yum can handle https fine, even through redirect. At your personal mirror, you can do whatever you want, but keep in mind that the old perl crawler script we use behind http://mirror-status.centos.org *doesn't* support https at the moment. So you can enable it, but not enforce it, otherwise, your mirror wouldn't be validated and so would be removed from yum mirrorlists (until we rewrite it completely, which is also a *very* good idea) Some other mirrors have TLS enabled but it's just that it's not listed on https://www.centos.org/download/mirrors (for the reason mentioned above) Cheers, -- Fabian Arrotin The CentOS Project | http://www.centos.org gpg key: 56BEC54E | twitter: @arrfab -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos-mirror/attachments/20170117/7aba5d82/attachment-0006.sig>