Message-ID: <5554C025.9090903@ivpro.net>
Date: Thu, 14 May 2015 17:32:53 +0200
From: Adam Major
To: freebsd-security@freebsd.org
Subject: Re: Forums.FreeBSD.org - SSL Issue?
In-Reply-To: <1431608885.1875421.268665801.1220FE34@webmail.messagingengine.com>

Hello

>> But I don't think disabling TLS 1.0 is ok.
>>
>
> TLS 1.0 is dead and is even now banned in new installations according to
> the PCI DSS 3.1 standards. Nobody should expect TLS 1.0 to be supported
> by *any* HTTPS site now.

Maybe it is dead, but it is used in many old browsers / software still in use.

In PCI DSS 3.1, merchants must remove SSL and TLS 1.0 by 30 June 2016
(new installations "in theory" should not be built on TLS 1.0).

So we have 1 year, and the FreeBSD forum is not an e-commerce site ;)

Best Regards.