On Thu, 14 May 2015 17:32:53 +0200, Adam Major wrote:
> Hello
>
> >> But I don't think disabling TLS 1.0 is ok.
> >>
> >
> > TLS 1.0 is dead and is even now banned in new installations according to
> > the PCI DSS 3.1 standards. Nobody should expect TLS 1.0 to be supported
> > by *any* HTTP
On Fri, May 15, 2015, at 03:07, Ian Smith wrote:
> On Thu, 14 May 2015 17:32:53 +0200, Adam Major wrote:
> > Hello
> >
> > >> But I don't think disabling TLS 1.0 is ok.
> > >>
> > >
> > > TLS 1.0 is dead and is even now banned in new installations according to
> > > the PCI DSS 3.1 standar
On Thu, May 14, 2015, at 06:31, Dan Lukes wrote:
> Patrick Proniewski wrote:
> >> "Data Transfer Interrupted
> >> The connection to forums.freebsd.org has terminated unexpectedly. Some
> >> data may have been transferred."
> >
> > looks like your browser/OS does not support TLS 1.2.
>
> I'm co
Mark Felder wrote:
In the future FreeBSD's base libraries like OpenSSL hopefully will be
private: only the base system knows they exist; no other software will
see them. This will mean that every port/package you install requiring
OpenSSL will *always* use OpenSSL from ports/packages; no conflict
On Fri, May 15, 2015, at 10:22, Roger Marquis wrote:
> Mark Felder wrote:
> > In the future FreeBSD's base libraries like OpenSSL hopefully will be
> > private: only the base system knows they exist; no other software will
> > see them. This will mean that every port/package you install requiring
Patrick Proniewski wrote:
> That's always the problem with guys like you and me who live in the real
> world. We can't cope with "what should be dead and no longer used".
> Deprecated tomcat/Java/SSL/You-name-it software that you can't just upgrade
> because it's used with hardware/software yo
Mark Felder wrote:
Another option is a second openssl port, one that overwrites base and
guarantees compatibility with RELEASE. Then we could at least have all
versions of openssl in vuln.xml (not that that's been a reliable
indicator of security of late).
This will never work. You can't guar
On 15 May, Roger Marquis wrote:
> Mark Felder wrote:
>>> Another option is a second openssl port, one that overwrites base and
>>> guarantees compatibility with RELEASE. Then we could at least have all
>>> versions of openssl in vuln.xml (not that that's been a reliable
>>> indicator of security o
Mark Felder wrote:
>> Base OpenSSL in still-supported releases is too old a version and doesn't
>> support TLS 1.2 as well.
>>
>> Either TLS 1.0 is so insecure and should not be used, or is secure
>> enough for FreeBSD.
> When the FreeBSD 8.0 (2009) and 9.0 (2012) releases were cut we didn't
> have