Port Fetch Failing

Tim Daneliuk tundra at tundraware.com
Sun Jun 7 15:20:28 UTC 2015

On 06/01/2015 08:25 PM, Roger Marquis wrote:
>  SSLProtocol         all -SSLv2 -SSLv3
>  SSLCompression      off
>  SSLHonorCipherOrder on

This certainly works.

> If you're processing credit cards SSLProtocol will need to be expanded to
> "-SSLv2 -SSLv3 -TLSv1" by 2016/07 (for PCI compliance) and if you have
> good reason to be paranoid and all of your clients are up-to-date, add
> "-TLSv1.1".

And there's the rub.  TLS1 is known to be weak, susceptible to Poodle (so is 1.1 as
I understand it), and I'd love to turn it off.  Unfortunately, that's exactly
what the FreeBSD ports mechanism wants to use to get port sources as best
as I can determine.  Every time I do -TLS1, port fetches start to break.

Is there a plan, I wonder, to move to TLS 1.2 and be done with this?

Tim Daneliuk     tundra at tundraware.com
PGP Key:         http://www.tundraware.com/PGP/
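
Added example (not part of the original message, and not mod_ssl's own code): a simplified Python model of how the SSLProtocol values discussed above resolve to a set of enabled protocols, and which of them a given policy would still flag. It assumes "all" expands to the five names listed and that a token without a +/- prefix replaces the set; the function names are hypothetical.

```python
# Simplified model of resolving an Apache SSLProtocol argument string.
KNOWN = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2")

# Assumption: "all" covers every name above. What a real build enables
# under "all" depends on the Apache and OpenSSL versions in use.
ALL = frozenset(KNOWN)


def enabled_protocols(value):
    """Resolve the tokens of an SSLProtocol value from left to right."""
    enabled = set()
    for token in value.split():
        sign = token[0] if token[0] in "+-" else ""
        name = token[len(sign):]
        if name.lower() == "all":
            group = set(ALL)
        else:
            match = [k for k in KNOWN if k.lower() == name.lower()]
            if not match:
                raise ValueError("unknown protocol: %r" % token)
            group = {match[0]}
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:
            # Assumption: a bare name replaces whatever was set before it.
            enabled = group
    return enabled


def audit(value, forbidden):
    """Return the forbidden protocols that the value still leaves enabled."""
    return sorted(enabled_protocols(value) & set(forbidden))


if __name__ == "__main__":
    # Constructed sample values, based on the directives quoted in the thread.
    no_tls10 = ["SSLv2", "SSLv3", "TLSv1"]
    for value in ("all -SSLv2 -SSLv3",
                  "all -SSLv2 -SSLv3 -TLSv1",
                  "all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1"):
        print("%-36s enabled=%s still_forbidden=%s" % (
            value, sorted(enabled_protocols(value)), audit(value, no_tls10)))
```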
