Date: Thu, 14 May 2015 17:20:44 +0200 From: Patrick Proniewski <patpro@patpro.net> To: Liste FreeBSD-security <freebsd-security@freebsd.org> Cc: jungle Boogie <jungleboogie0@gmail.com> Subject: Re: Forums.FreeBSD.org - SSL Issue? Message-ID: <C6A26209-6DB6-4842-9810-B670E3461AAE@patpro.net> In-Reply-To: <CAKE2PDtM6q14q2BdmB5PNht=Q3Q0VQRh64nh1Lfd9Y9uCryibw@mail.gmail.com> References: <CACRVPYOALi-V8D34zeJTYdSwHshYrqtttqVV3=aP8Yb6ZAxfyg@mail.gmail.com> <2857899F-802E-4086-AD41-DD76FACD44FB@modirum.com> <05636D22-BBC3-4A15-AC44-0F39FB265CDF@patpro.net> <20150514193706.V69409@sola.nimnet.asn.au> <555476CB.2010005@ivpro.net> <1431608885.1875421.268665801.1220FE34@webmail.messagingengine.com> <CAKE2PDtM6q14q2BdmB5PNht=Q3Q0VQRh64nh1Lfd9Y9uCryibw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 14 mai 2015, at 16:13, jungle Boogie wrote: > On 14 May 2015 at 06:08, Mark Felder <feld@freebsd.org> wrote: >>=20 >> TLS 1.0 is dead and is even now banned in new installations according = to >> the PCI DSS 3.1 standards. Nobody should expect TLS 1.0 to be = supported >> by *any* HTTPS site now. >=20 >=20 > Here, here! We ONLY have 1.0 enabled until the hardware vendor can > upgrade their software. I'm looking to celebrate the day when we have > 1.1 and 1.2 enabled. That's always the problem with guys like you and me who live in the real = world. We can't cope with "what should be dead and no longer used". = Deprecated tomcat/Java/SSL/You-name-it software that you can't just = upgrade because it's used with hardware/software you can't get rid of. At work we are in the ridiculous state where we have to package old = browser + old Java into VMware ThinApp "bubbles" to access production = tools. Removing TSL 1.0 is not a good move. It's possible to provide SSL with = TLS 1.2, having protection against protocol downgrade, and still provide = TLS 1.1 and 1.0 for older browsers. patpro=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?C6A26209-6DB6-4842-9810-B670E3461AAE>