On 05/13/2015 06:57 AM, Tris Hoar wrote:> On 13/05/2015 11:12, Johnny Hughes wrote: >> All, >> >> Red Hat released the source code for Firefox 38. We have (or willbe >> today) releasing this for CentOS-5, CentOS-6, and CentOS-7. >> >> It does not, by default, connect to https sites with TLS less than 1.2. >> This means it will not connect to sites on CentOS-5, for example .. >> there are many others. >> >> In any event, here is a wiki article that explains potential issues and >> workarounds: >> >> http://wiki.centos.org/TipsAndTricks/Firefox38onCentOS >> > > Hi Johnny, > > My reading of https://access.redhat.com/node/1422403 is Firefox 38 will > connect to sites using TLS 1.0 and 1.1. But ONLY if the server correctly > negotiates the connection. This should only effect sites that close the > initial connection due to not understanding TLS 1.2. > > A quick test connecting to a RHEL5 server over HTTPS with Firefox 38 > shows it has established a TLS 1.0 connection so this should not really > effect CentOS 5. >You are correct, it will not automatically negotiate a downgrade only. Thank goodness. Still will impact a lot of sites, but not all non TLS 1.2. Thanks, Johnny Hughes -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20150513/3308734f/attachment-0001.sig>
Learn English. On Wed, May 13, 2015 at 10:35 AM, Johnny Hughes <johnny at centos.org> wrote:> On 05/13/2015 06:57 AM, Tris Hoar wrote: > > On 13/05/2015 11:12, Johnny Hughes wrote: > >> All, > >> > >> Red Hat released the source code for Firefox 38. We have (or willbe > >> today) releasing this for CentOS-5, CentOS-6, and CentOS-7. > >> > >> It does not, by default, connect to https sites with TLS less than 1.2. > >> This means it will not connect to sites on CentOS-5, for example .. > >> there are many others. > >> > >> In any event, here is a wiki article that explains potential issues and > >> workarounds: > >> > >> http://wiki.centos.org/TipsAndTricks/Firefox38onCentOS > >> > > > > Hi Johnny, > > > > My reading of https://access.redhat.com/node/1422403 is Firefox 38 will > > connect to sites using TLS 1.0 and 1.1. But ONLY if the server correctly > > negotiates the connection. This should only effect sites that close the > > initial connection due to not understanding TLS 1.2. > > > > A quick test connecting to a RHEL5 server over HTTPS with Firefox 38 > > shows it has established a TLS 1.0 connection so this should not really > > effect CentOS 5. > > > > You are correct, it will not automatically negotiate a downgrade only. > Thank goodness. Still will impact a lot of sites, but not all non TLS 1.2. > > Thanks, > Johnny Hughes > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > >-- ----------------- Hal Wigoda Chicago
This type of response to the list is unacceptable, and will result in moderation or removal from the list if it continues. On 05/14/2015 07:36 AM, Hal Wigoda wrote:> Learn English. > > On Wed, May 13, 2015 at 10:35 AM, Johnny Hughes <johnny at centos.org> wrote: > >> On 05/13/2015 06:57 AM, Tris Hoar wrote: >>> On 13/05/2015 11:12, Johnny Hughes wrote: >>>> All, >>>> >>>> Red Hat released the source code for Firefox 38. We have (or willbe >>>> today) releasing this for CentOS-5, CentOS-6, and CentOS-7. >>>> >>>> It does not, by default, connect to https sites with TLS less than 1.2. >>>> This means it will not connect to sites on CentOS-5, for example .. >>>> there are many others. >>>> >>>> In any event, here is a wiki article that explains potential issues and >>>> workarounds: >>>> >>>> http://wiki.centos.org/TipsAndTricks/Firefox38onCentOS >>>> >>> >>> Hi Johnny, >>> >>> My reading of https://access.redhat.com/node/1422403 is Firefox 38 will >>> connect to sites using TLS 1.0 and 1.1. But ONLY if the server correctly >>> negotiates the connection. This should only effect sites that close the >>> initial connection due to not understanding TLS 1.2. >>> >>> A quick test connecting to a RHEL5 server over HTTPS with Firefox 38 >>> shows it has established a TLS 1.0 connection so this should not really >>> effect CentOS 5. >>> >> >> You are correct, it will not automatically negotiate a downgrade only. >> Thank goodness. Still will impact a lot of sites, but not all non TLS 1.2. >> >> Thanks, >> Johnny Hughes >> >> >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> http://lists.centos.org/mailman/listinfo/centos >> >> > >-- Jim Perrin The CentOS Project | http://www.centos.org twitter: @BitIntegrity | GPG Key: FA09AD77