Date: Thu, 14 May 2015 10:24:18 -0500
From: Karl Denninger <karl@denninger.net>
To: freebsd-security@freebsd.org
Subject: Re: Forums.FreeBSD.org - SSL Issue?
Message-ID: <5554BE22.1000407@denninger.net>
In-Reply-To: <C6A26209-6DB6-4842-9810-B670E3461AAE@patpro.net>
References: <CACRVPYOALi-V8D34zeJTYdSwHshYrqtttqVV3=aP8Yb6ZAxfyg@mail.gmail.com> <2857899F-802E-4086-AD41-DD76FACD44FB@modirum.com> <05636D22-BBC3-4A15-AC44-0F39FB265CDF@patpro.net> <20150514193706.V69409@sola.nimnet.asn.au> <555476CB.2010005@ivpro.net> <1431608885.1875421.268665801.1220FE34@webmail.messagingengine.com> <CAKE2PDtM6q14q2BdmB5PNht=Q3Q0VQRh64nh1Lfd9Y9uCryibw@mail.gmail.com> <C6A26209-6DB6-4842-9810-B670E3461AAE@patpro.net>
On 5/14/2015 10:20, Patrick Proniewski wrote:
> On 14 mai 2015, at 16:13, jungle Boogie wrote:
>
>> On 14 May 2015 at 06:08, Mark Felder <feld@freebsd.org> wrote:
>>> TLS 1.0 is dead and is even now banned in new installations according to
>>> the PCI DSS 3.1 standards. Nobody should expect TLS 1.0 to be supported
>>> by *any* HTTPS site now.
>>
>> Hear, hear! We ONLY have 1.0 enabled until the hardware vendor can
>> upgrade their software. I'm looking to celebrate the day when we have
>> 1.1 and 1.2 enabled.
>
> That's always the problem with guys like you and me who live in the real world. We can't cope with "what should be dead and no longer used". Deprecated tomcat/Java/SSL/You-name-it software that you can't just upgrade because it's used with hardware/software you can't get rid of.
> At work we are in the ridiculous state where we have to package old browser + old Java into VMware ThinApp "bubbles" to access production tools.
>
> Removing TLS 1.0 is not a good move. It's possible to provide SSL with TLS 1.2, having protection against protocol downgrade, and still provide TLS 1.1 and 1.0 for older browsers.
>
> patpro
I'd love to lock out TLS 1.0 but if you do that anyone still running
anything that uses XP cannot connect.
There ARE people out there still using that in the wild. Not a huge
number, but a material number. On several relatively large systems I
monitor the "in the wild" user count for Windows XP is still around 4%
of all users to the sites.
Same problem with RC4. I'd love to lock that out too, but see above --
that means 4% of the users can't connect (at all.)
--
Karl Denninger
karl@denninger.net
/The Market Ticker/
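The "what share of users would we lock out" question Karl raises, as an added example that is not code from this thread: a Python script over constructed access-log lines (assumed nginx-style combined format with $ssl_protocol and $ssl_cipher appended) that counts the negotiated protocol and cipher per connection and estimates the share of distinct clients that would no longer connect if TLS 1.0 and RC4 were disabled. The log format, sample lines and user agents are assumptions for illustration.

```python
import re
from collections import Counter

# Constructed nginx-style access log lines (not real traffic from the thread).
# Assumes a log_format that appends $ssl_protocol and $ssl_cipher to the
# combined format, so the version/cipher each client negotiated is recorded.
SAMPLE_LOG = """\
198.51.100.10 - - [14/May/2015:10:20:01 -0500] "GET / HTTP/1.1" 200 512 "Mozilla/5.0 (Windows NT 6.1) Firefox/37.0" TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
198.51.100.11 - - [14/May/2015:10:20:02 -0500] "GET /forum HTTP/1.1" 200 2048 "Mozilla/5.0 (X11; FreeBSD amd64) Firefox/37.0" TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
198.51.100.12 - - [14/May/2015:10:20:03 -0500] "GET / HTTP/1.1" 200 512 "Mozilla/5.0 (Macintosh) Safari/600.5" TLSv1.2 ECDHE-RSA-AES128-SHA256
203.0.113.5 - - [14/May/2015:10:20:04 -0500] "GET / HTTP/1.1" 200 512 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)" TLSv1 RC4-SHA
203.0.113.5 - - [14/May/2015:10:20:05 -0500] "GET /login HTTP/1.1" 200 900 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)" TLSv1 RC4-SHA
198.51.100.13 - - [14/May/2015:10:20:06 -0500] "GET / HTTP/1.1" 200 512 "Mozilla/5.0 (Android 4.3) Chrome/30" TLSv1.1 ECDHE-RSA-AES128-SHA
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ '
                    r'"(?P<ua>[^"]*)" (?P<proto>\S+) (?P<cipher>\S+)$')

def parse_line(line):
    """Return (client_ip, user_agent, ssl_protocol, ssl_cipher), or None if malformed."""
    m = LOG_RE.match(line)
    return None if m is None else (m['ip'], m['ua'], m['proto'], m['cipher'])

def impact_report(log_text, drop_protocols=("SSLv3", "TLSv1"), drop_cipher_substrings=("RC4",)):
    """Estimate the share of distinct clients locked out if the given protocols
    and ciphers were disabled (the TLS 1.0 / RC4 trade-off discussed in the thread)."""
    per_proto, per_cipher = Counter(), Counter()
    clients, affected = set(), set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that do not match the assumed format
        ip, _ua, proto, cipher = rec
        per_proto[proto] += 1
        per_cipher[cipher] += 1
        clients.add(ip)
        # A server normally picks the best version/cipher the client offers, so a client
        # seen on a to-be-dropped protocol or cipher is assumed to have nothing better.
        if proto in drop_protocols or any(s in cipher for s in drop_cipher_substrings):
            affected.add(ip)
    pct = 100.0 * len(affected) / len(clients) if clients else 0.0
    return {"connections": sum(per_proto.values()), "clients": len(clients),
            "affected_clients": len(affected), "affected_pct": pct,
            "by_protocol": dict(per_proto), "by_cipher": dict(per_cipher)}

if __name__ == "__main__":
    for key, value in impact_report(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a day of real logs before flipping the server config; the same function with `drop_protocols=("SSLv3", "TLSv1", "TLSv1.1")` shows the additional cost of also retiring TLS 1.1.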