[CentOS] Firefox 38 and Older TLS sites
Johnny Hughes
johnny at centos.org
Wed May 13 15:35:30 UTC 2015
On 05/13/2015 06:57 AM, Tris Hoar wrote:
> On 13/05/2015 11:12, Johnny Hughes wrote:
>> All,
>>
>> Red Hat released the source code for Firefox 38. We have (or willbe
>> today) releasing this for CentOS-5, CentOS-6, and CentOS-7.
>>
>> It does not, by default, connect to https sites with TLS less than 1.2.
>> This means it will not connect to sites on CentOS-5, for example ..
>> there are many others.
>>
>> In any event, here is a wiki article that explains potential issues and
>> workarounds:
>>
>> http://wiki.centos.org/TipsAndTricks/Firefox38onCentOS
>>
>
> Hi Johnny,
>
> My reading of https://access.redhat.com/node/1422403 is Firefox 38 will
> connect to sites using TLS 1.0 and 1.1. But ONLY if the server correctly
> negotiates the connection. This should only effect sites that close the
> initial connection due to not understanding TLS 1.2.
>
> A quick test connecting to a RHEL5 server over HTTPS with Firefox 38
> shows it has established a TLS 1.0 connection so this should not really
> effect CentOS 5.
>
You are correct, it will not automatically negotiate a downgrade only.
Thank goodness. Still will impact a lot of sites, but not all non TLS 1.2.
Thanks,
Johnny Hughes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20150513/3308734f/attachment.sig>
More information about the CentOS
mailing list