bug-wget

Re: [Bug-wget] Deprecate TLS 1.0 and TLS 1.1


From: Loganaden Velvindron
Subject: Re: [Bug-wget] Deprecate TLS 1.0 and TLS 1.1
Date: Tue, 19 Jun 2018 17:50:12 +0400

On Tue, Jun 19, 2018 at 4:48 PM, Tomas Hozza <address@hidden> wrote:
>
>
> On 19.06.2018 13:20, Loganaden Velvindron wrote:
>> On Tue, Jun 19, 2018 at 3:18 PM, Tim Rühsen <address@hidden> wrote:
>>> On 06/19/2018 12:44 PM, Loganaden Velvindron wrote:
>>>> Hi All,
>>>>
>>>> As per:
>>>> https://tools.ietf.org/html/draft-moriarty-tls-oldversions-diediedie-00
>>>>
>>>> Attached is a tentative patch to disable TLS 1.0 and TLS 1.1 by
>>>> default. No doubt that this will cause some discussions, I'm open to
>>>> hearing all opinions on this.
>>>>
>>>
>>> Good idea for the public internet.
>>>
>>> IMO there are too many 'internal' devices / hardware that are not
>>> up-to-date and impossible to update.
>>>
>>> What about amending the patch so that we apply it only to public IP
>>> addresses ?
>>
>> This sounds reasonable.
>>
>>>
>>> And even then - we should not just 'fail' on older servers but tell the
>>> user why wget fails and what to do about it. In the end, the user is
>>> responsible and in control.
>>
>> Yes, giving some info to the user would be good too.
>> I will update the patch.
>
> Hi.
>
> When doing the change, please make sure that you change also the gnutls 
> implementation. Some distributions (e.g. Fedora) compile wget with gnutls 
> instead of openssl. I expect that the behavior should be consistent 
> regardless of the crypto library that is being used.
>

Yes, will do. Thanks for pointing this out.


> Regards,
> Tomas
>
>>>
>>> Regards, Tim
>>>
>>
>
> --
> Tomas Hozza
> Associate Manager, Software Engineering - EMEA ENG Core Services
>
> PGP: 1D9F3C2D
> UTC+1 (CET)
> Red Hat Inc.                 http://cz.redhat.com
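
Added example, not part of this thread or of the attached patch: a C sketch of the policy discussed above (legacy TLS tolerated only for non-public addresses, the same floor for GnuTLS and OpenSSL builds, a hint for the user when the connection is refused). The struct, function names and hint wording are hypothetical; the GnuTLS priority tokens, the OpenSSL version constants and wget's --secure-protocol option are existing ones.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical policy record, not a wget structure. */
struct tls_floor {
    int legacy_allowed;          /* 1 = TLS 1.0/1.1 still accepted */
    const char *gnutls_priority; /* for gnutls_priority_set_direct() */
    const char *openssl_min;     /* constant for SSL_CTX_set_min_proto_version() */
    const char *hint;            /* shown to the user if the handshake fails */
};

static int ipv4_is_internal(uint32_t a)          /* a is in host byte order */
{
    return (a >> 24) == 10 || (a >> 24) == 127   /* 10.0.0.0/8, loopback */
        || (a >> 20) == 0xAC1                    /* 172.16.0.0/12 */
        || (a >> 16) == 0xC0A8                   /* 192.168.0.0/16 */
        || (a >> 16) == 0xA9FE;                  /* 169.254.0.0/16 link-local */
}

static int ipv6_is_internal(const unsigned char b[16])
{
    static const unsigned char loopback[16] = { [15] = 1 };
    return (b[0] & 0xFE) == 0xFC                     /* fc00::/7 unique local */
        || (b[0] == 0xFE && (b[1] & 0xC0) == 0x80)   /* fe80::/10 link-local */
        || memcmp(b, loopback, 16) == 0;             /* ::1 */
}

/* 1 = internal, 0 = public, -1 = not an IP literal. */
int addr_is_internal(const char *addr)
{
    struct in_addr v4;
    struct in6_addr v6;
    if (inet_pton(AF_INET, addr, &v4) == 1) return ipv4_is_internal(ntohl(v4.s_addr));
    if (inet_pton(AF_INET6, addr, &v6) == 1) return ipv6_is_internal(v6.s6_addr);
    return -1;
}

/* Anything not positively identified as internal gets the strict floor. */
struct tls_floor tls_floor_for(const char *addr)
{
    struct tls_floor f;
    f.legacy_allowed = addr_is_internal(addr) == 1;
    f.gnutls_priority = f.legacy_allowed ? "NORMAL" : "NORMAL:-VERS-TLS1.0:-VERS-TLS1.1";
    f.openssl_min = f.legacy_allowed ? "TLS1_VERSION" : "TLS1_2_VERSION";
    f.hint = f.legacy_allowed ? "" : "server may only offer TLS 1.0/1.1; "
             "to connect anyway, rerun with --secure-protocol=TLSv1";
    return f;
}
```

The address passed in is the one the connection actually resolved to, so a public hostname that resolves to an internal address is classified by that address; IPv4-mapped IPv6 literals fall through to the strict floor.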


