Re: [Bug-wget] Deprecate TLS 1.0 and TLS 1.1

bug-wget

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] Deprecate TLS 1.0 and TLS 1.1

From:	Tim Rühsen
Subject:	Re: [Bug-wget] Deprecate TLS 1.0 and TLS 1.1
Date:	Sun, 15 Jul 2018 11:07:20 +0200
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1

On 14.07.2018 23:57, Jeffrey Walton wrote:
> On Tue, Jun 19, 2018 at 6:44 AM, Loganaden Velvindron <address@hidden> wrote:
>> ...
>> As per:
>> https://tools.ietf.org/html/draft-moriarty-tls-oldversions-diediedie-00
>>
>> Attached is a tentative patch to disable TLS 1.0 and TLS 1.1 by
>> default. No doubt that this will cause some discussions, I'm open to
>> hearing all opinions on this.
> 
> What will users do?
> 
> I'm guessing most will turn to --no-check-certificate or HTTP, which
> has the net effect of removing security, not improving it.
> 
> Stack Overflow is littered with the --no-check-certificate answer for
> questions ranging from "how do I use wget to download a file" to "how
> do I make my PHP work again".

This is to accept "broken / misused" certificates (lifetime exceeded,
wrong domain, etc.) - but maybe I am wrong. Could you explain what the
TLS version has to do with this ? AFAICS, if a server doesn't speak
TLS1.2, this option this option isn't of any use.

Regards, Tim

signature.asc
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Bug-wget] Deprecate TLS 1.0 and TLS 1.1, L A Walsh, 2018/07/14
- Re: [Bug-wget] Deprecate TLS 1.0 and TLS 1.1, Jeffrey Walton, 2018/07/14
  - Re: [Bug-wget] Deprecate TLS 1.0 and TLS 1.1, Tim Rühsen <=

Prev by Date: Re: [Bug-wget] Deprecate TLS 1.0 and TLS 1.1
Next by Date: [Bug-wget] TLS1.3 via GnuTLS
Previous by thread: Re: [Bug-wget] Deprecate TLS 1.0 and TLS 1.1
Next by thread: [Bug-wget] TLS1.3 via GnuTLS
Index(es):
- Date
- Thread