[CentOS] Firefox 38 and Older TLS sites

Thu May 14 12:49:36 UTC 2015
Jim Perrin <jperrin at centos.org>

This type of response to the list is unacceptable, and will result in
moderation or removal from the list if it continues.

On 05/14/2015 07:36 AM, Hal Wigoda wrote:
> Learn English.
> 
> On Wed, May 13, 2015 at 10:35 AM, Johnny Hughes <johnny at centos.org> wrote:
> 
>> On 05/13/2015 06:57 AM, Tris Hoar wrote:
>>> On 13/05/2015 11:12, Johnny Hughes wrote:
>>>> All,
>>>>
>>>> Red Hat released the source code for Firefox 38.  We have (or willbe
>>>> today) releasing this for CentOS-5, CentOS-6, and CentOS-7.
>>>>
>>>> It does not, by default, connect to https sites with TLS less than 1.2.
>>>> This means it will not connect to sites on CentOS-5, for example ..
>>>> there are many others.
>>>>
>>>> In any event, here is a wiki article that explains potential issues and
>>>> workarounds:
>>>>
>>>> http://wiki.centos.org/TipsAndTricks/Firefox38onCentOS
>>>>
>>>
>>> Hi Johnny,
>>>
>>> My reading of https://access.redhat.com/node/1422403 is Firefox 38 will
>>> connect to sites using TLS 1.0 and 1.1. But ONLY if the server correctly
>>> negotiates the connection. This should only effect sites that close the
>>> initial connection due to not understanding TLS 1.2.
>>>
>>> A quick test connecting to a RHEL5 server over HTTPS with Firefox 38
>>> shows it has established a TLS 1.0 connection so this should not really
>>> effect CentOS 5.
>>>
>>
>> You are correct, it will not automatically negotiate a downgrade only.
>> Thank goodness.  Still will impact a lot of sites, but not all non TLS 1.2.
>>
>> Thanks,
>> Johnny Hughes
>>
>>
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>
>>
> 
> 

-- 
Jim Perrin
The CentOS Project | http://www.centos.org
twitter: @BitIntegrity | GPG Key: FA09AD77