FreeBSD Forum access problem (was Re: Endless Data Loss)
smithi at nimnet.asn.au
Wed Jul 29 08:38:46 UTC 2015
On Tue, 28 Jul 2015 15:43:13 +0100, Arthur Chance wrote:
> On 28/07/2015 14:30, Ian Smith wrote:
> > On Sun, 26 Jul 2015 18:09:13 +0200, Polytropon wrote:
> > > On Sun, 26 Jul 2015 23:58:25 +1000 (EST), Ian Smith wrote:
> > > > That's not the problem. The problem with the forums site is that it no
> > > > longer allows connections using SSLv3 or TLS 1.0 .. it requires at least
> > > > TLS 1.1 now, and might later accept only TLS 1.2, even just for reading.
> > >
> > > Thank you for clarification! I've set the security options
> > > to only (!) allow TLS 1.1 and 1.2, _no_ SSL v3 or TLS 1.0,
> > > and now I can connect to the forum again. I'll check now if
> > > the other few websites I visit will be "impacted" by that
> > > configuration change.
> >
> > I don't think you needed to disable older protocols - unless you want to
> > not permit yourself to connect to older sites that only present those
> > protocols - in order for the highest/latest options to be selected where
> > they are enabled and perhaps demanded as in the case of the forums.
> >
> > But you should test that assumption, which is all it is.
> >
> > I've since found that even my not-SO-ancient firefox from 9.1 to
> > 9.2-stable times would not connect to forums.freebsd.org either.
> >
> > % pkg info firefox
> > firefox-23.0,1
> > Name : firefox
> > Version : 23.0,1
> > Installed on : Sun Jul 20 02:37:45 EST 2014
> > Origin : www/firefox
> > Architecture : freebsd:9:x86:64
> >
> > Had to go hunting in the bowels of about:config to find what SSL
> > protocols were set, and it just showed '1' (as an integer), so after
> > some more hunting, on a hunch I tried '2' there. That worked! but I
> > have not the slightest idea why it does, or what '2' signifies :)
>
> I'm on FF 39 so this may not apply to you, but with that caveat my
> about:config shows
>
> security.tls.version.min = 1
> security.tls.version.max = 3
>
> and an add-on (Configuration Mania) which gives nicer access to many config
> settings interprets that as TLS 1.0 as minimum, TLS 1.2 as maximum. I have no
> problem getting to the forums.

Thanks for the info, Arthur, and for elaboration by Michael. FF 23 does
have both of those, originally set .min=0 (allowing RC4, I guess?) and
.max=1 (TLS 1.0). I then changed only .max=2, TLS 1.1 apparently,
sufficient for access to forums.freebsd.org - at present, anyway.

So now I have .min=1 and .max=3 like yours, which works the same on the
forums. If I find any sites where .min=1 is a problem I'll report back.

FWIW, I'd beaten around the FF help site earlier re this, with no joy.
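
Added example, not part of the original message: a Python sketch of how the security.tls.version.min/.max integers discussed in this thread bound the protocol version a client can negotiate. Firefox encodes 0 as SSL 3.0, 1 as TLS 1.0, 2 as TLS 1.1 and 3 as TLS 1.2; the server ranges, the profile snippets and all function names below are constructed assumptions.

```python
import re

# Firefox's integer encoding for security.tls.version.min / .max
NAMES = {0: "SSL 3.0", 1: "TLS 1.0", 2: "TLS 1.1", 3: "TLS 1.2"}
PREF = re.compile(
    r'^\s*user_pref\(\s*"security\.tls\.version\.(min|max)"\s*,\s*(\d+)\s*\)\s*;')

def client_range(prefs_text, default_min, default_max):
    """Read (min, max) from prefs.js-style text; a later line overrides an earlier one."""
    found = {"min": default_min, "max": default_max}
    for line in prefs_text.splitlines():
        m = PREF.match(line)
        if m:
            found[m.group(1)] = int(m.group(2))
    return found["min"], found["max"]

def negotiate(client, server):
    """Highest version inside both (min, max) ranges, or None when they do not overlap."""
    low = max(client[0], server[0])
    high = min(client[1], server[1])
    return high if low <= high else None

def describe(client, server):
    version = negotiate(client, server)
    if version is None:
        return "no common protocol version, handshake fails"
    return "negotiates " + NAMES.get(version, "unknown (%d)" % version)

# Constructed inputs. FF 23 defaults (min=0, max=1) are the values reported in the thread.
FF23_DEFAULTS = (0, 1)
FORUM = (2, 3)        # assumption: server accepts TLS 1.1 and TLS 1.2 only
LEGACY_SITE = (0, 1)  # hypothetical old server offering SSL 3.0 and TLS 1.0 only
PROFILES = {
    "untouched FF 23": "",
    "max raised to 2": 'user_pref("security.tls.version.max", 2);\n',
    "min=1, max=3": 'user_pref("security.tls.version.min", 1);\n'
                    'user_pref("security.tls.version.max", 3);\n',
    "min=2, max=3": 'user_pref("security.tls.version.min", 2);\n'
                    'user_pref("security.tls.version.max", 3);\n',
}

if __name__ == "__main__":
    for label, text in PROFILES.items():
        rng = client_range(text, *FF23_DEFAULTS)
        print("%-16s forums: %-45s legacy: %s"
              % (label, describe(rng, FORUM), describe(rng, LEGACY_SITE)))
```

Raising only .max is enough to reach a server that demands TLS 1.1, while raising .min is what cuts off servers that offer nothing newer than TLS 1.0.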