Date: Wed, 29 Jul 2015 18:38:14 +1000 (EST) From: Ian Smith <smithi@nimnet.asn.au> To: Arthur Chance <freebsd@qeng-ho.org> Cc: "Michael B. Eichorn" <ike@michaeleichorn.com>, Polytropon <freebsd@edvax.de>, freebsd-questions@freebsd.org Subject: Re: FreeBSD Forum access problem (was Re: Endless Data Loss) Message-ID: <20150729181049.C17327@sola.nimnet.asn.au> In-Reply-To: <55B79501.2020405@qeng-ho.org> References: <mailman.67.1437912001.91662.freebsd-questions@freebsd.org> <20150726233449.M17327@sola.nimnet.asn.au> <20150726180913.bfa82863.freebsd@edvax.de> <20150728230108.T17327@sola.nimnet.asn.au> <55B79501.2020405@qeng-ho.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 28 Jul 2015 15:43:13 +0100, Arthur Chance wrote: > On 28/07/2015 14:30, Ian Smith wrote: > > On Sun, 26 Jul 2015 18:09:13 +0200, Polytropon wrote: > > > On Sun, 26 Jul 2015 23:58:25 +1000 (EST), Ian Smith wrote: > > > > > > That's not the problem. The problem with the forums site is that it > > no > > > > longer allows connections using SSLv3 or TLS 1.0 .. it requires at > > least > > > > TLS 1.1 now, and might later accept only TLS 1.2, even just for > > reading. > > > > > > Thank you for clarification! I've set the security options > > > to only (!) allow TLS 1.1 and 1.2, _no_ SSL v3 or TLS 1.0, > > > and now I can connect to the forum again. I'll check now if > > > the other few websites I visit will be "impacted" by that > > > configuration change. > > > > I don't think you needed to disable older protocols - unless you want to > > not permit yourself to connect to older sites that only present those > > protocols - in order for the highest/latest options to be selected where > > they are enabled and perhaps demanded as in the case of the forums. > > > > But you should test that assumption, which is all it is. > > > > I've since found that even my not-SO-ancient firefox from 9.1 to > > 9.2-stable times would not connect to forums.freebsd.org either. > > > > % pkg info firefox > > firefox-23.0,1 > > Name : firefox > > Version : 23.0,1 > > Installed on : Sun Jul 20 02:37:45 EST 2014 > > Origin : www/firefox > > Architecture : freebsd:9:x86:64 > > > > Had to go hunting in the bowels of about:config to find what SSL > > protocols were set, and it just showed '1' (as an integer), so after > > some more hunting, on a hunch I tried '2' there. That worked! but I > > have not the slightest idea why it does, or what '2' signifies :) > > I'm on FF 39 so this may not apply to you, but with that caveat my > about:config shows > > security.tls.version.min = 1 > security.tls.version.max = 3 > > and an add-on (Configuration Mania) which gives nicer access to many config > settings interprets that as TLS 1.0 as minimum, TLS 1.2 as maximum. I have no > problem getting to the forums. Thanks for the info, Arthur, and for elaboration by Michael. FF 23 does have both of those, originally set .min=0 (allowing RC4, I guess?) and .max=1 (TLS 1.0). I then changed only .max=2, TLS 1.1 apparently, sufficient for access to forums.freebsd.org - at present, anyway. So now I have .min=1 and .max=3 like yours, which works the same on the forums. If I find any sites where .min=1 is a problem I'll report back. FWIW, I'd beaten around the FF help site earlier re this, with no joy. cheers, Ian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150729181049.C17327>