From owner-freebsd-security@FreeBSD.ORG Thu May 14 13:08:07 2015 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 4E757AAA for ; Thu, 14 May 2015 13:08:07 +0000 (UTC) Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 236B316A3 for ; Thu, 14 May 2015 13:08:06 +0000 (UTC) Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id E565220774 for ; Thu, 14 May 2015 09:08:05 -0400 (EDT) Received: from web3 ([10.202.2.213]) by compute6.internal (MEProxy); Thu, 14 May 2015 09:08:05 -0400 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=G4y4mF6c0KZPxAS LVM+JNtjrFa4=; b=R5fMRnqP4UV7hL/7i6QskQIBEJK1HvngbSYbaEBhPwZNj8t nZc5jVDsuv1DmUO5gx9lWHw2ImPeHmhV+cKLRfPi9O3CwRXvwfZRuqI/3N0wroYh ComJC2ijIDBoM7c1gGQurfBacWBVMTmX+3IZftMqJcB1OkSyGlIsKfVn/bnA= Received: by web3.nyi.internal (Postfix, from userid 99) id C526F118AA8; Thu, 14 May 2015 09:08:05 -0400 (EDT) Message-Id: <1431608885.1875421.268665801.1220FE34@webmail.messagingengine.com> X-Sasl-Enc: U1zMwNCkpRBggFNIKydFMtGBMj/8Hmg4BWbywcVSUz/O 1431608885 From: Mark Felder To: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain X-Mailer: MessagingEngine.com Webmail Interface - ajax-e7ca9928 Subject: Re: Forums.FreeBSD.org - SSL Issue? Date: Thu, 14 May 2015 08:08:05 -0500 In-Reply-To: <555476CB.2010005@ivpro.net> References: <2857899F-802E-4086-AD41-DD76FACD44FB@modirum.com> <05636D22-BBC3-4A15-AC44-0F39FB265CDF@patpro.net> <20150514193706.V69409@sola.nimnet.asn.au> <555476CB.2010005@ivpro.net> X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 May 2015 13:08:07 -0000 On Thu, May 14, 2015, at 05:19, Adam Major wrote: > Hello > > I checked now by sslLabs.com: > https://www.ssllabs.com/ssltest/analyze.html?d=forums.freebsd.org > > and score is A+ > > But I don't think disable TLS 1.0 is ok. > TLS 1.0 is dead and is even now banned in new installations according to the PCI DSS 3.1 standards. Nobody should expect TLS 1.0 to be supported by *any* HTTPS site now.