TLS is handled in the connection. So if your Perl code is opening the
connection directly it would be in the SSLeay module and OpenSSL libraries. If
your Perl cod is behind a webserver it is the webserver that handles the
connection. Only if your Perl code is being distributed to others to run will
you care what version of Perl others are running.
Darryl Baker
Sr. System Administrator
Distributed Application Platform Services
Northwestern University
1800 Sherman Ave.
Suite 6-600 – Box #39
Evanston, IL 60201-3715
darryl.ba...@northwestern.edu
(847) 467-6674
On 1/25/18, 1:12 PM, "SurfShop" <contactat...@surfshopcart.com> wrote:
> On Jan 25, 2018, at 10:43 AM, Darryl Philip Baker
<darryl.ba...@northwestern.edu> wrote:
>
> If you do not know TLS 1.0 and TLS 1.1 have a vulnerability in the design
of the protocol and they are being deprecated. Currently only TLS 1.2 now and
TLS 1.3 when finalized are considered safe. TLS 1.2 was defined in August of
2008 so if you are using anything developed in the last five years it should
support TLS 1.2.
Thanks, Darryl. Yes, that much I do know about TLS. I just didn't
know if I needed to update anything on my end in the code. I don't want a
bunch of angry emails from customers saying their cart's broken the day after
the switch. ;) From your answer, it doesn't sound like I need to change
anything.
However, what if someone is still on Perl 5.8.8? That's older the last
5 years. Will that even make a difference? Where is TLS actually handled - in
Perl, in the code, in the browser, on the server? This is the part that has me
stumped.
Thanks again,
Frank
