[CentOS-mirror] SSL for mirrors?

Tue Jan 17 07:34:32 UTC 2017
Fabian Arrotin <arrfab at centos.org>

On 14/01/17 16:20, Ryan Nix wrote:
> Are we allowed to set our mirrors with ssl enabled? I think Let's Encrypt is one of the greatest technologies ever so I used their Certbot tool to enable ssl on our mirror.
> 

Hi,

Having TLS on even mirror.centos.org was evaluated, but because we still
have CentOS 5 yum clients, we decided to wait until it disappears
(soon). Starting from 6, yum can handle https fine, even through redirect.

At your personal mirror, you can do whatever you want, but keep in mind
that the old perl crawler script we use behind
http://mirror-status.centos.org *doesn't* support https at the moment.
So you can enable it, but not enforce it; otherwise, your mirror
wouldn't be validated and so would be removed from yum mirrorlists
(until we rewrite it completely, which is also a *very* good idea).

Some other mirrors have TLS enabled, but it's just that it's not listed
on https://www.centos.org/download/mirrors (for the reason mentioned above).

Cheers,

-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab
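
Added example (not part of the original message, and not the CentOS crawler's code): a Python check of the "enable it, but not enforce it" point above, run against two local test servers. It assumes an HTTP-only client cannot follow a redirect to https; `mirror.example.org`, the `/centos/` path and both servers are constructed for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def make_handler(enforce_https):
    """Constructed stand-in for a mirror's port-80 virtual host."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            if enforce_https:  # every plain-HTTP request is pushed to TLS
                body = b""
                self.send_response(301)
                self.send_header("Location", "https://mirror.example.org" + self.path)
            else:  # TLS is offered as well, plain HTTP is still served
                body = b"constructed index\n"
                self.send_response(200)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, *args):  # keep the demo quiet
            pass
    return Handler

def http_only_check(host, port, path="/centos/"):
    """Fetch over plain HTTP without following redirects (assumed crawler behaviour)."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        status, location = resp.status, resp.getheader("Location", "")
        resp.read()
    finally:
        conn.close()
    if 200 <= status < 300:
        return "ok"
    if status in (301, 302, 303, 307, 308) and location.lower().startswith("https://"):
        return "https-enforced"  # an HTTP-only validator would stop here
    return "failed"

def demo(enforce_https):
    """Start a local test server in the chosen mode and check it once."""
    server = HTTPServer(("127.0.0.1", 0), make_handler(enforce_https))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return http_only_check("127.0.0.1", server.server_port)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo(False), demo(True))
```

Pointing `http_only_check` at a mirror's own port 80 shows whether its HTTP side still answers directly or has been switched to a forced https redirect.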
