Www.CentOS.org/forums/

Home » CentOS » Www.CentOS.org/forums/
CentOS 8 Comments

Hi List,

Does anyone know why the above URL is still using TLS V1.0.

I can’t connect to it unless I enable TLS V1.0 which I was under the impression that it should not be used anymore.

Thanks for any enlightenment.

Steve

8 thoughts on - Www.CentOS.org/forums/

  • Stop paranoia? Tlsv1.0 is not recommended when storing credit card data.

    Eero Hi List,

    Does anyone know why the above URL is still using TLS V1.0.

    I can’t connect to it unless I enable TLS V1.0 which I was under the impression that it should not be used anymore.

    Thanks for any enlightenment.

    Steve

  • @Eero: IMHO you are missing some points here. There are more and more browsers that are unable to use SSL{2,3} as well as TLS1.0, not just disabled via config, but this decission was made at compile time. Newer Android and Apple-iOS devices for example.

    And the point is not that the site supports TLS1.0, but that it does not support TLS1.1 and/or TLS 1.2, and as such is incassessible to devices that ask for TLS1.1 as minimum for HTTPS.

    But that is for the admins/webmasters of the servers to resolve.

    – Yamaban

  • This is not true. it works fine with latest android and ios. I just tested it.

    Many sites are still using CentOS 5 and clones and cannot support tls 1.2
    and tls 1.1 without upgrade.

  • TLS 1.0 is still safe but the server should upgrade to allow TLS 1.2

    For my more sensitive servers I only allow TLS 1.2 because every modern browser supports it, so there isn’t a justification for still allow TLS
    1.0 as it is always possible there is a zero-day.

  • The latest version of Android is Marshmallow and currently is only installed on 2.3% of the devices out there:
    http://developer.android.com/about/dashboards/index.html

    You cannot just support the latest version of a client if your site is accessed by regular users out there.

    Then they might be forced to upgrade to a newer CentOS version. If you only run your personal blog then you can of course whatever you want but if you run a commercial site then the OS you can run depends on what the clients support and not the other way around.

    Regards,
    Dennis

  • actually that isn’t true either. Just install a newer version of firefox or chrome or whatever..then you are independent of the operating system in many cases.

  • –f0DMiPhpMtA3HQhghVojIEWitwBGeuhPj Content-Type: text/plain; charset=windows-1252
    Content-Transfer-Encoding: quoted-printable

    Something that is already on the TODO list, as that’s actually the only remaining CentOS 5 node, reason why it doesn’t support something higher than tls 1.0
    The whole setup will be reinstalled/migrated to c7 in the following weeks (time permitting).

  • –HVPQDKBBbIiiLs8NBb0oQXUJhIeqCTvJA
    Content-Type: text/plain; charset=windows-1252
    Content-Transfer-Encoding: quoted-printable

    Just to close that thread : migration of the website/forums was announced and scheduled for today, and it went live earlier today. So now you should be able to use TLSv1.2