Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <DA850315-DB70-489A-994A-8845695BD15B@redhat.com>
Date: Thu, 8 Aug 2024 12:46:34 +0200
From: Clemens Lang <cllang@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: feedback requested regarding deprecation of TLS
 1.0/1.1

Hi,

> On 7. Aug 2024, at 19:48, Solar Designer <solar@...nwall.com> wrote:
> 
> 1. Hosting a public server that's meant to be usable by the widest
> audience possible, including from both up-to-date and older systems.
> For example, a website should display in latest web browsers, but
> command-line downloads from the same server should also work from old
> systems (e.g., running LTS distros).

Speaking of LTS distros: RHEL 6.10 supports TLS 1.2.
At what point is a distro not LTS, but a museum piece which we can ignore?
What currently supported LTS distro does not support TLS 1.2?


> 2. Scanning or crawling a wide variety of systems, e.g. by a search
> engine indexer, an asset enumeration tool, a security scanner, or during
> a pentest.

What good is a search engine index of a webpage no modern browser will connect to?

The other use cases sound like they’d be done with special tooling anyway, in which case that can continue to ship an older version of OpenSSL for this purpose.


-- 
Clemens Lang
RHEL Crypto Team
Red Hat

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.