From owner-freebsd-security@FreeBSD.ORG  Thu May 14 14:13:33 2015
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 7044C47B;
 Thu, 14 May 2015 14:13:33 +0000 (UTC)
Received: from mail-ie0-x22e.google.com (mail-ie0-x22e.google.com
 [IPv6:2607:f8b0:4001:c03::22e])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 434BE1FD6;
 Thu, 14 May 2015 14:13:33 +0000 (UTC)
Received: by iebgx4 with SMTP id gx4so61149656ieb.0;
 Thu, 14 May 2015 07:13:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :cc:content-type;
 bh=LKp3CFSr4KjIBF2VoLqUGFtIRPMsvL9tHbHxxL6+vQ8=;
 b=V45hFNAldEhgOPxXWOBHdMW0mk0VaXU+hs+/TEVMhOga6uNz+lbFc6gSEPDBMBQW6h
 ZtQ6dXJus568JW7rVSs93Da6R6aWIHFxqL5GTyvV/EqwNU/IbpstZ/iXWsRtmcQLzNTG
 4SS9rUrPJYAF7JEP0dntpoYcRKHKQxPSpDKptQMc7k1r+LctJ5pqnwXepVSZIUUrf11R
 TkjwLzZDKVumEX1hXwEgeVh9yPw2DrDA0mq3x+5fI9ItMhbyTiL/mhAKFiF6pMmkYK/m
 14eMpnAHZKMjktAYHF0YS8xLP+RAbyVXS8csWWbgtAMpC8S/U0NmxfwDJq6bo32nml72
 AcVg==
MIME-Version: 1.0
X-Received: by 10.107.7.88 with SMTP id 85mr5638528ioh.42.1431612812583; Thu,
 14 May 2015 07:13:32 -0700 (PDT)
Received: by 10.79.4.148 with HTTP; Thu, 14 May 2015 07:13:32 -0700 (PDT)
In-Reply-To: <1431608885.1875421.268665801.1220FE34@webmail.messagingengine.com>
References: <CACRVPYOALi-V8D34zeJTYdSwHshYrqtttqVV3=aP8Yb6ZAxfyg@mail.gmail.com>
 <2857899F-802E-4086-AD41-DD76FACD44FB@modirum.com>
 <05636D22-BBC3-4A15-AC44-0F39FB265CDF@patpro.net>
 <20150514193706.V69409@sola.nimnet.asn.au>
 <555476CB.2010005@ivpro.net>
 <1431608885.1875421.268665801.1220FE34@webmail.messagingengine.com>
Date: Thu, 14 May 2015 07:13:32 -0700
Message-ID: <CAKE2PDtM6q14q2BdmB5PNht=Q3Q0VQRh64nh1Lfd9Y9uCryibw@mail.gmail.com>
Subject: Re: Forums.FreeBSD.org - SSL Issue?
From: jungle Boogie <jungleboogie0@gmail.com>
To: Mark Felder <feld@freebsd.org>
Cc: freebsd-security@freebsd.org
Content-Type: text/plain; charset=UTF-8
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 14 May 2015 14:13:33 -0000

On 14 May 2015 at 06:08, Mark Felder <feld@freebsd.org> wrote:
>
>
> On Thu, May 14, 2015, at 05:19, Adam Major wrote:
>> Hello
>>
>> I checked now by sslLabs.com:
>> https://www.ssllabs.com/ssltest/analyze.html?d=forums.freebsd.org
>>
>> and score is A+
>>
>> But I don't think disable TLS 1.0 is ok.
>>
>
> TLS 1.0 is dead and is even now banned in new installations according to
> the PCI DSS 3.1 standards. Nobody should expect TLS 1.0 to be supported
> by *any* HTTPS site now.


Here, here! We ONLY have 1.0 enabled until the hardware vendor can
upgrade their software. I'm looking to celebrate the day when we have
1.1 and 1.2 enabled.

-- 
-------
inum: 883510009027723
sip: jungleboogie@sip2sip.info
xmpp: jungle-boogie@jit.si