[CentOS] Firefox 38 and Older TLS sites

Wed May 13 15:35:30 UTC 2015
Johnny Hughes <johnny at centos.org>

On 05/13/2015 06:57 AM, Tris Hoar wrote:
> On 13/05/2015 11:12, Johnny Hughes wrote:
>> All,
>>
>> Red Hat released the source code for Firefox 38.  We have (or willbe
>> today) releasing this for CentOS-5, CentOS-6, and CentOS-7.
>>
>> It does not, by default, connect to https sites with TLS less than 1.2.
>> This means it will not connect to sites on CentOS-5, for example ..
>> there are many others.
>>
>> In any event, here is a wiki article that explains potential issues and
>> workarounds:
>>
>> http://wiki.centos.org/TipsAndTricks/Firefox38onCentOS
>>
> 
> Hi Johnny,
> 
> My reading of https://access.redhat.com/node/1422403 is Firefox 38 will
> connect to sites using TLS 1.0 and 1.1. But ONLY if the server correctly
> negotiates the connection. This should only effect sites that close the
> initial connection due to not understanding TLS 1.2.
> 
> A quick test connecting to a RHEL5 server over HTTPS with Firefox 38
> shows it has established a TLS 1.0 connection so this should not really
> effect CentOS 5.
> 

You are correct, it will not automatically negotiate a downgrade only.
Thank goodness.  Still will impact a lot of sites, but not all non TLS 1.2.

Thanks,
Johnny Hughes

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20150513/3308734f/attachment-0005.sig>