From owner-freebsd-questions@freebsd.org  Sun Jul 26 13:58:43 2015
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5ADB49AB0B7
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Sun, 26 Jul 2015 13:58:43 +0000 (UTC)
 (envelope-from smithi@nimnet.asn.au)
Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [115.70.110.159])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id C64C43C8
 for <freebsd-questions@freebsd.org>; Sun, 26 Jul 2015 13:58:41 +0000 (UTC)
 (envelope-from smithi@nimnet.asn.au)
Received: from localhost (localhost [127.0.0.1])
 by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id t6QDwPPZ029922;
 Sun, 26 Jul 2015 23:58:26 +1000 (EST)
 (envelope-from smithi@nimnet.asn.au)
Date: Sun, 26 Jul 2015 23:58:25 +1000 (EST)
From: Ian Smith <smithi@nimnet.asn.au>
To: Polytropon <freebsd@edvax.de>
cc: freebsd-questions@freebsd.org, jungle Boogie <jungleboogie0@gmail.com>
Subject: Re: FreeBSD Forum access problem (was Re: Endless Data Loss)
In-Reply-To: <mailman.67.1437912001.91662.freebsd-questions@freebsd.org>
Message-ID: <20150726233449.M17327@sola.nimnet.asn.au>
References: <mailman.67.1437912001.91662.freebsd-questions@freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Jul 2015 13:58:43 -0000

In freebsd-questions Digest, Vol 581, Issue 7, Message: 9
On Sat, 25 Jul 2015 20:03:43 +0200 Polytropon <freebsd@edvax.de> wrote:
 > On Sat, 25 Jul 2015 09:23:51 -0700, jungle Boogie wrote:
 > > On 25 July 2015 at 06:51, Polytropon <freebsd@edvax.de> wrote:
 > > > I've tried back and forth with Opera (version 11.50/1074 here).
 > > > From "about:config" with the search terms "tls" and "ssl" and
 > > > through Tools -> Preferences -> Advanced -> Security... I just
 > > > keep getting this "helpful" message:
 > > >
 > > >         https://forums.freebsd.org/
 > > >
 > > >         Error
 > > >
 > > >         Could not connect to remote server
 > > >         Check that the address is spelled correctly,
 > > >         or try searching for the site.
 > > 
 > > 
 > > Can you access https://www.freebsd.org/ ?
 > 
 > Yes, that page never stopped working.
 > 
 > > Both have a preferred cipher of TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 > 
 > Interesting... so what's the significant difference here?

That's not the problem.  The problem with the forums site is that it no 
longer allows connections using SSLv3 or TLS 1.0 .. it requires at least 
TLS 1.1 now, and might later accept only TLS 1.2, even just for reading.

We're told that this policy won't be applied to www or svnweb since you 
can't log in to those sites.  So far, bugzilla is still allowing my old 
Seamonkey to log in.  I wish I had more time to upgrade my surfin' box.

Gory details .. long thread that wanders off into other issues later:

http://lists.freebsd.org/pipermail/freebsd-security/2015-May/008350.html

cheers, Ian