Re: [Bug-wget] Deprecate TLS 1.0 and TLS 1.1
From: Tomas Hozza
Subject: Re: [Bug-wget] Deprecate TLS 1.0 and TLS 1.1
Date: Tue, 19 Jun 2018 14:48:30 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0

On 19.06.2018 13:20, Loganaden Velvindron wrote:
> On Tue, Jun 19, 2018 at 3:18 PM, Tim Rühsen <address@hidden> wrote:
>> On 06/19/2018 12:44 PM, Loganaden Velvindron wrote:
>>> Hi All,
>>>
>>> As per:
>>> https://tools.ietf.org/html/draft-moriarty-tls-oldversions-diediedie-00
>>>
>>> Attached is a tentative patch to disable TLS 1.0 and TLS 1.1 by
>>> default. No doubt that this will cause some discussions, I'm open to
>>> hearing all opinions on this.
>>>
>>
>> Good idea for the public internet.
>>
>> IMO there are too many 'internal' devices / hardware that are not
>> up-to-date and impossible to update.
>>
>> What about amending the patch so that we apply it only to public IP
>> addresses ?
>
> This sounds reasonable.
>
>>
>> And even then - we should not just 'fail' on older servers but tell the
>> user why wget fails and what to do about it. In the end, the user is
>> responsible and in control.
>
> Yes, giving some info to the user would be good too.
> I will update the patch.

Hi.

When doing the change, please make sure that you also change the gnutls
implementation. Some distributions (e.g. Fedora) compile wget with gnutls
instead of openssl. I expect that the behavior should be consistent regardless
of the crypto library that is being used.

Regards,
Tomas

>>
>> Regards, Tim
>>
>
--
Tomas Hozza
Associate Manager, Software Engineering - EMEA ENG Core Services
PGP: 1D9F3C2D
UTC+1 (CET)
Red Hat Inc. http://cz.redhat.com
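
The policy discussed in this thread (require TLS 1.2 on public addresses, keep older versions available for internal devices) sketched as an added example; it is not code from the patch or from wget. The names `min_tls_for_peer`, `MIN_TLS_1_0` and `MIN_TLS_1_2` are hypothetical, and the choice of which ranges count as internal is an assumption. Keeping the decision independent of the TLS library lets the OpenSSL and GnuTLS back ends apply the same result.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical policy values, not wget identifiers. */
enum min_tls { MIN_TLS_1_0, MIN_TLS_1_2 };

/* Assumed internal IPv4 ranges; 'a' is in host byte order. */
static int v4_is_internal(uint32_t a)
{
    return (a >> 24) == 10                     /* 10.0.0.0/8     */
        || (a >> 20) == ((172u << 4) | 1)      /* 172.16.0.0/12  */
        || (a >> 16) == ((192u << 8) | 168)    /* 192.168.0.0/16 */
        || (a >> 24) == 127                    /* 127.0.0.0/8    */
        || (a >> 16) == ((169u << 8) | 254);   /* 169.254.0.0/16 */
}

static int v6_is_internal(const unsigned char *b)
{
    static const unsigned char loopback[16] = { [15] = 1 };
    static const unsigned char mapped[12] = { [10] = 0xff, [11] = 0xff };
    if (memcmp(b, mapped, 12) == 0) {          /* ::ffff:a.b.c.d */
        uint32_t a;
        memcpy(&a, b + 12, 4);
        return v4_is_internal(ntohl(a));
    }
    return memcmp(b, loopback, 16) == 0                  /* ::1       */
        || (b[0] & 0xfe) == 0xfc                         /* fc00::/7  */
        || (b[0] == 0xfe && (b[1] & 0xc0) == 0x80);      /* fe80::/10 */
}

/* 'ip' must be the address actually connected to (after DNS resolution),
   not the host name. Unparseable input gets the strict policy. */
enum min_tls min_tls_for_peer(const char *ip)
{
    struct in_addr a4;
    struct in6_addr a6;
    if (inet_pton(AF_INET, ip, &a4) == 1)
        return v4_is_internal(ntohl(a4.s_addr)) ? MIN_TLS_1_0 : MIN_TLS_1_2;
    if (inet_pton(AF_INET6, ip, &a6) == 1)
        return v6_is_internal(a6.s6_addr) ? MIN_TLS_1_0 : MIN_TLS_1_2;
    return MIN_TLS_1_2;
}

int main(void)
{
    /* Constructed sample peers (documentation and private ranges). */
    const char *peers[] = { "192.0.2.10", "10.1.2.3", "fd12:3456::1", "2001:db8::1" };
    for (size_t i = 0; i < sizeof peers / sizeof *peers; i++)
        printf("%-14s minimum %s\n", peers[i],
               min_tls_for_peer(peers[i]) == MIN_TLS_1_2 ? "TLS 1.2" : "TLS 1.0");
    return 0;
}
```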