On Thu, May 14, 2015, at 06:31, Dan Lukes wrote:
> Patrick Proniewski wrote:
> >> "Data Transfer Interrupted
> >> The connection to forums.freebsd.org has terminated unexpectedly. Some
> >> data may have been transferred."
> >
> > looks like your browser/OS does not support TLS 1.2.
>
> I'm confused by FreeBSD policy, a lot.
>
> Base OpenSSL in still supported releases is too old version and doesn't
> support TLS 1.2 as well.
>
> Either TLS 1.0 is so insecure and should not be used, or is secure
> enough for FreeBSD.
>

When the FreeBSD 8.0 (2009) and 9.0 (2012) releases were cut, we didn't have these vulnerabilities or problems. In fact, TLS 1.2 existed as a protocol (2008) but OpenSSL didn't even implement it yet (not until 2010)!

Thankfully FreeBSD 8 is EoL on June 30, 2015, but we still have to live with FreeBSD 9.3 until Dec 31 2016. That's going to be painful, but we shouldn't kill it off sooner than we have to as a courtesy to our users.

FreeBSD needs to change, too. That is not being ignored. In the future FreeBSD's base libraries like OpenSSL hopefully will be private: only the base system knows they exist; no other software will see them. This will mean that every port/package you install requiring OpenSSL will *always* use OpenSSL from ports/packages; no conflict is possible. This also solves the problem of stale software in the base system and allows FreeBSD to do major upgrades of this software in point releases to keep the base system fresh.

Last I knew this approach was still being discussed, but it will be a fantastic improvement to the FreeBSD OS model when it happens.