FreeBSD Forum access problem (was Re: Endless Data Loss)

Ian Smith smithi at nimnet.asn.au
Wed Jul 29 08:38:46 UTC 2015


On Tue, 28 Jul 2015 15:43:13 +0100, Arthur Chance wrote:
 > On 28/07/2015 14:30, Ian Smith wrote:
 > > On Sun, 26 Jul 2015 18:09:13 +0200, Polytropon wrote:
 > >   > On Sun, 26 Jul 2015 23:58:25 +1000 (EST), Ian Smith wrote:
 > > 
 > >   > > That's not the problem.  The problem with the forums site is that it no
 > >   > > longer allows connections using SSLv3 or TLS 1.0 .. it requires at least
 > >   > > TLS 1.1 now, and might later accept only TLS 1.2, even just for reading.
 > >   >
 > >   > Thank you for clarification! I've set the security options
 > >   > to only (!) allow TLS 1.1 and 1.2, _no_ SSL v3 or TLS 1.0,
 > >   > and now I can connect to the forum again. I'll check now if
 > >   > the other few websites I visit will be "impacted" by that
 > >   > configuration change.
 > > 
 > > I don't think you needed to disable older protocols - unless you want to
 > > not permit yourself to connect to older sites that only present those
 > > protocols - in order for the highest/latest options to be selected where
 > > they are enabled and perhaps demanded as in the case of the forums.
 > > 
 > > But you should test that assumption, which is all it is.
 > > 
 > > I've since found that even my not-SO-ancient firefox from 9.1 to
 > > 9.2-stable times would not connect to forums.freebsd.org either.
 > > 
 > > % pkg info firefox
 > > firefox-23.0,1
 > > Name           : firefox
 > > Version        : 23.0,1
 > > Installed on   : Sun Jul 20 02:37:45 EST 2014
 > > Origin         : www/firefox
 > > Architecture   : freebsd:9:x86:64
 > > 
 > > Had to go hunting in the bowels of about:config to find what SSL
 > > protocols were set, and it just showed '1' (as an integer), so after
 > > some more hunting, on a hunch I tried '2' there.  That worked! but I
 > > have not the slightest idea why it does, or what '2' signifies :)
 > 
 > I'm on FF 39 so this may not apply to you, but with that caveat my
 > about:config shows
 > 
 > security.tls.version.min = 1
 > security.tls.version.max = 3
 > 
 > and an add-on (Configuration Mania) which gives nicer access to many config
 > settings interprets that as TLS 1.0 as minimum, TLS 1.2 as maximum. I have no
 > problem getting to the forums.

Thanks for the info, Arthur, and for elaboration by Michael.  FF 23 does 
have both of those, originally set .min=0 (allowing RC4, I guess?) and 
.max=1 (TLS 1.0).  I then changed only .max=2, TLS 1.1 apparently, 
sufficient for access to forums.freebsd.org - at present, anyway.

So now I have .min=1 and .max=3 like yours, which works the same on the 
forums.  If I find any sites where .min=1 is a problem I'll report back.

FWIW, I'd beaten around the FF help site earlier re this, with no joy.

cheers, Ian
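
The values of security.tls.version.min and .max discussed in this thread are indexes into the protocol list: 0 = SSL 3.0, 1 = TLS 1.0, 2 = TLS 1.1, 3 = TLS 1.2 (4 = TLS 1.3 in later Firefox releases). The sketch below is an added example, not part of the original message: it reads the two prefs from prefs.js-style text and works out which version each setting from the thread would negotiate. The function names, the sample pref lines, and the two server ranges are constructed assumptions.

```javascript
// Added example, not from the thread. Index = value stored in the
// security.tls.version.min / .max prefs.
const VERSIONS = ["SSL 3.0", "TLS 1.0", "TLS 1.1", "TLS 1.2", "TLS 1.3"];

// Read the two prefs from prefs.js / user.js style text. Prefs left at their
// default are not written to prefs.js, so the caller supplies the defaults.
// A later line overrides an earlier one.
function parseTlsPrefs(text, defaults) {
  const prefs = { ...defaults };
  const re = /^\s*user_pref\(\s*"security\.tls\.version\.(min|max)"\s*,\s*(\d+)\s*\)\s*;/gm;
  for (const m of text.matchAll(re)) prefs[m[1]] = Number(m[2]);
  return prefs;
}

// Both sides support a contiguous range; the handshake settles on the highest
// version common to both, or fails (null) when the ranges do not overlap.
function negotiate(client, server) {
  const hi = Math.min(client.max, server.max);
  const lo = Math.max(client.min, server.min);
  return hi >= lo ? VERSIONS[hi] : null;
}

// Constructed inputs. Defaults are the Firefox 23 values reported in the thread.
const FF23_DEFAULTS = { min: 0, max: 1 };
const FORUM = { min: 2, max: 3 };   // assumed: TLS 1.1 minimum, TLS 1.2 maximum
const LEGACY = { min: 0, max: 1 };  // assumed: a site offering SSL 3.0 and TLS 1.0 only

const profiles = {
  "untouched":       "",
  "max raised to 2": 'user_pref("security.tls.version.max", 2);\n',
  "min 1, max 3":    'user_pref("security.tls.version.min", 1);\nuser_pref("security.tls.version.max", 3);\n',
  "min 2, max 3":    'user_pref("security.tls.version.min", 2);\nuser_pref("security.tls.version.max", 3);\n',
};

// Negotiated version per profile against each constructed server.
function report() {
  const rows = {};
  for (const [name, text] of Object.entries(profiles)) {
    const p = parseTlsPrefs(text, FF23_DEFAULTS);
    rows[name] = { forum: negotiate(p, FORUM), legacy: negotiate(p, LEGACY) };
  }
  return rows;
}

console.table(report());
```

Raising .max is what restores access to a server with a TLS 1.1 floor; raising .min changes nothing there and only removes the ability to reach servers that top out at TLS 1.0.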

