Hi Brane, all > On November 19, 2018 at 12:52 AM Branko Čibej <br...@apache.org> wrote:
> > Does the Apache web server still support TLS version 1.0? The old > > version of OpenSSL that we bundle with the Windows and Linux versions > > doesn't support anything newer than that. > > > It looks like you found the real problem: > > $ curl -sviI --tlsv1.0 https://ooo-updates.apache.org/ > * Trying 40.79.78.1... > ... > * TLSv1.0 (OUT), TLS handshake, Client hello (1): > * TLSv1.0 (IN), TLS alert, Server hello (2): > * error:1400442E:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert protocol > version > > > Connection fails with options --tlsv1.0 and --tlsv1.1 but succeeds with > --tlsv1.2. Which is in fact a good thing; TLSv1 and TLSv1.1 both have > known security bugs. This means that on the Server side connection with the current version of Openoffice will not be accepted? Can this change be reversed or an exception opened for AOO? Otherwise, how are users going to be notified that any future version is available? @_Andreas_, which AOO version are you using under which OS? @_Rory O'Farrell_, can you please test with 4.1.5? I can confirm that version 4.2.0 build 1846852 does connect under Ubuntu 16.04.5 but that doesn't solve the problem for current users... Regards, Pedro --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
