From owner-svn-doc-all@freebsd.org Wed Jul 19 19:48:40 2017 Return-Path: Delivered-To: svn-doc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 13957D7CFD2; Wed, 19 Jul 2017 19:48:40 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E384069839; Wed, 19 Jul 2017 19:48:39 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v6JJmdNL005024; Wed, 19 Jul 2017 19:48:39 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v6JJmd5Y005023; Wed, 19 Jul 2017 19:48:39 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <201707191948.v6JJmd5Y005023@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f From: Glen Barber Date: Wed, 19 Jul 2017 19:48:38 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r50522 - head/en_US.ISO8859-1/books/handbook/mirrors X-SVN-Group: doc-head X-SVN-Commit-Author: gjb X-SVN-Commit-Paths: head/en_US.ISO8859-1/books/handbook/mirrors X-SVN-Commit-Revision: 50522 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Jul 2017 19:48:40 -0000 Author: gjb Date: Wed Jul 19 19:48:38 2017 New Revision: 50522 URL: https://svnweb.freebsd.org/changeset/doc/50522 Log: Purge stale information from the mirrors chapter. Submitted by: peter Reviewed by: peter Sponsored by: The FreeBSD Foundation Modified: head/en_US.ISO8859-1/books/handbook/mirrors/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/mirrors/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/mirrors/chapter.xml Wed Jul 19 18:28:19 2017 (r50521) +++ head/en_US.ISO8859-1/books/handbook/mirrors/chapter.xml Wed Jul 19 19:48:38 2017 (r50522) @@ -352,99 +352,10 @@ This site doesn't have any products newer than 8.1 whi browser, use https://svnweb.FreeBSD.org/. - - The &os; Subversion mirrors - previously used self-signed SSL certificates documented in - this chapter. As of July 14, 2015, all mirrors now use an - official SSL certificate that will be recognized by - Subversion if the security/ca_root_nss port is - installed. The legacy self-signed certificates and server - names are still available but are deprecated and no longer - supported. - - - For those without the security/ca_root_nss port - installed, the SHA1 and SHA256 fingerprints are: - - - - - - - - Hash - Fingerprint - - - - - - SHA1 - E9:37:73:80:B5:32:1B:93:92:94:98:17:59:F0:FA:A2:5F:1E:DE:B9 - - - - SHA256 - D5:27:1C:B6:55:E6:A8:7D:48:D5:0C:F0:DA:9D:51:60:D7:42:6A:F2:05:F1:8A:47:BE:78:A1:3A:72:06:92:60 - - - - - - HTTPS is the preferred protocol, - providing protection against another computer pretending to be - the &os; mirror (commonly known as a man in the - middle attack) or otherwise trying to send bad - content to the end user. - - If https cannot be used due to firewall - or other problems, svn is the next choice, - with slightly faster transfers. When neither can be used, use - http. - - For those still using deprecated server names, the SHA1 - and SHA256 fingerprints will be one of: - - - - - - - - Hash - Fingerprint - - - - - - Legacy-SHA1 - 1C:BD:85:95:11:9F:EB:75:A5:4B:C8:A3:FE:08:E4:02:73:06:1E:61 - - - - Legacy-SHA1 - F6:44:AA:B9:03:89:0E:3E:8C:4D:4D:14:F0:27:E6:C7:C1:8B:17:C5 - - - - Legacy-SHA256 - 47:35:A9:09:A3:AB:FA:20:33:36:43:C5:1A:D6:E6:FB:EB:C0:C0:83:37:D4:46:9C:A0:AB:89:7F:C2:9C:4C:A3 - - - - Legacy-SHA256 - 48:3C:84:DB:7C:27:1B:FA:D5:0B:A0:D7:E0:4C:79:AA:A3:8E:A3:FA:84:E6:32:34:7D:EB:30:E6:11:01:CF:BE - - - - - - Seeing one of these legacy certificate - fingerprints means it is likely that a deprecated - server name is being used. + HTTPS is the preferred protocol, but the + security/ca_root_nss + package will need to be installed in order to automatically + validate certificates.