Date: Wed, 19 Jul 2017 19:48:38 +0000 (UTC) From: Glen Barber <gjb@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r50522 - head/en_US.ISO8859-1/books/handbook/mirrors Message-ID: <201707191948.v6JJmd5Y005023@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: gjb Date: Wed Jul 19 19:48:38 2017 New Revision: 50522 URL: https://svnweb.freebsd.org/changeset/doc/50522 Log: Purge stale information from the mirrors chapter. Submitted by: peter Reviewed by: peter Sponsored by: The FreeBSD Foundation Modified: head/en_US.ISO8859-1/books/handbook/mirrors/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/mirrors/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/mirrors/chapter.xml Wed Jul 19 18:28:19 2017 (r50521) +++ head/en_US.ISO8859-1/books/handbook/mirrors/chapter.xml Wed Jul 19 19:48:38 2017 (r50522) @@ -352,99 +352,10 @@ This site doesn't have any products newer than 8.1 whi browser, use <link xlink:href="https://svnweb.FreeBSD.org/">https://svnweb.FreeBSD.org/</link>.</para>; - <note> - <para>The &os; <application>Subversion</application> mirrors - previously used self-signed SSL certificates documented in - this chapter. As of July 14, 2015, all mirrors now use an - official SSL certificate that will be recognized by - <application>Subversion</application> if the <package - role="port">security/ca_root_nss</package> port is - installed. The legacy self-signed certificates and server - names are still available but are deprecated and no longer - supported.</para> - </note> - - <para>For those without the <package - role="port">security/ca_root_nss</package> port - installed, the SHA1 and SHA256 fingerprints are:</para> - - <informaltable> - <tgroup cols="2"> - <colspec colwidth="1*"/> - <colspec colwidth="1*"/> - <thead> - <row> - <entry>Hash</entry> - <entry>Fingerprint</entry> - </row> - </thead> - - <tbody> - <row> - <entry>SHA1</entry> - <entry><literal>E9:37:73:80:B5:32:1B:93:92:94:98:17:59:F0:FA:A2:5F:1E:DE:B9</literal></entry> - </row> - - <row> - <entry>SHA256</entry> - <entry><literal>D5:27:1C:B6:55:E6:A8:7D:48:D5:0C:F0:DA:9D:51:60:D7:42:6A:F2:05:F1:8A:47:BE:78:A1:3A:72:06:92:60</literal></entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para><acronym>HTTPS</acronym> is the preferred protocol, - providing protection against another computer pretending to be - the &os; mirror (commonly known as a <quote>man in the - middle</quote> attack) or otherwise trying to send bad - content to the end user.</para> - - <para>If <literal>https</literal> cannot be used due to firewall - or other problems, <literal>svn</literal> is the next choice, - with slightly faster transfers. When neither can be used, use - <literal>http</literal>.</para> - - <para>For those still using deprecated server names, the SHA1 - and SHA256 fingerprints will be one of:</para> - - <informaltable> - <tgroup cols="2"> - <colspec colwidth="1*"/> - <colspec colwidth="1*"/> - <thead> - <row> - <entry>Hash</entry> - <entry>Fingerprint</entry> - </row> - </thead> - - <tbody> - <row> - <entry>Legacy-SHA1</entry> - <entry><literal>1C:BD:85:95:11:9F:EB:75:A5:4B:C8:A3:FE:08:E4:02:73:06:1E:61</literal></entry> - </row> - - <row> - <entry>Legacy-SHA1</entry> - <entry><literal>F6:44:AA:B9:03:89:0E:3E:8C:4D:4D:14:F0:27:E6:C7:C1:8B:17:C5</literal></entry> - </row> - - <row> - <entry>Legacy-SHA256</entry> - <entry><literal>47:35:A9:09:A3:AB:FA:20:33:36:43:C5:1A:D6:E6:FB:EB:C0:C0:83:37:D4:46:9C:A0:AB:89:7F:C2:9C:4C:A3</literal></entry> - </row> - - <row> - <entry>Legacy-SHA256</entry> - <entry><literal>48:3C:84:DB:7C:27:1B:FA:D5:0B:A0:D7:E0:4C:79:AA:A3:8E:A3:FA:84:E6:32:34:7D:EB:30:E6:11:01:CF:BE</literal></entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>Seeing one of these legacy certificate - fingerprints means it is likely that a deprecated - server name is being used.</para> + <para>HTTPS is the preferred protocol, but the + <filename role="package">security/ca_root_nss</filename> + package will need to be installed in order to automatically + validate certificates.</para> </sect2> <sect2>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201707191948.v6JJmd5Y005023>