Date: Tue, 28 Jul 2015 15:43:13 +0100 From: Arthur Chance <freebsd@qeng-ho.org> To: Ian Smith <smithi@nimnet.asn.au>, Polytropon <freebsd@edvax.de> Cc: freebsd-questions@freebsd.org Subject: Re: FreeBSD Forum access problem (was Re: Endless Data Loss) Message-ID: <55B79501.2020405@qeng-ho.org> In-Reply-To: <20150728230108.T17327@sola.nimnet.asn.au> References: <mailman.67.1437912001.91662.freebsd-questions@freebsd.org> <20150726233449.M17327@sola.nimnet.asn.au> <20150726180913.bfa82863.freebsd@edvax.de> <20150728230108.T17327@sola.nimnet.asn.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On 28/07/2015 14:30, Ian Smith wrote: > On Sun, 26 Jul 2015 18:09:13 +0200, Polytropon wrote: > > On Sun, 26 Jul 2015 23:58:25 +1000 (EST), Ian Smith wrote: > > > > That's not the problem. The problem with the forums site is that it no > > > longer allows connections using SSLv3 or TLS 1.0 .. it requires at least > > > TLS 1.1 now, and might later accept only TLS 1.2, even just for reading. > > > > Thank you for clarification! I've set the security options > > to only (!) allow TLS 1.1 and 1.2, _no_ SSL v3 or TLS 1.0, > > and now I can connect to the forum again. I'll check now if > > the other few websites I visit will be "impacted" by that > > configuration change. > > I don't think you needed to disable older protocols - unless you want to > not permit yourself to connect to older sites that only present those > protocols - in order for the highest/latest options to be selected where > they are enabled and perhaps demanded as in the case of the forums. > > But you should test that assumption, which is all it is. > > I've since found that even my not-SO-ancient firefox from 9.1 to > 9.2-stable times would not connect to forums.freebsd.org either. > > % pkg info firefox > firefox-23.0,1 > Name : firefox > Version : 23.0,1 > Installed on : Sun Jul 20 02:37:45 EST 2014 > Origin : www/firefox > Architecture : freebsd:9:x86:64 > > Had to go hunting in the bowels of about:config to find what SSL > protocols were set, and it just showed '1' (as an integer), so after > some more hunting, on a hunch I tried '2' there. That worked! but I > have not the slightest idea why it does, or what '2' signifies :) I'm on FF 39 so this may not apply to you, but with that caveat my about:config shows security.tls.version.min = 1 security.tls.version.max = 3 and an add-on (Configuration Mania) which gives nicer access to many config settings interprets that as TLS 1.0 as minimum, TLS 1.2 as maximum. I have no problem getting to the forums. -- Those who do not learn from computing history are doomed to GOTO 1
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55B79501.2020405>