Re: What happens to CPAN clients when TLS 1.2 is required?
It's been an issue at work for darwin. Unless something uses SecureTransport (which the Perl TLS stack doesn't), older versions of OS X have openssl 0.9.x (though eventually no headers to build with). Hopefully Perl people building Net::SSLeay on OS X are using macports/homebrew to get something newer. On Wed, Apr 25, 2018 at 2:21 AM, Ask Bjørn Hansen wrote: > > > On Apr 24, 2018, at 18:11 , David Golden wrote: > > But when they do opt into TLS, it's 1.2 required, right? > > > Sure, but … TLS 1.2 is almost ten years old. 1.1 is only barely older. > What operating systems don’t support TLS 1.2, but are otherwise functional > / reasonable enough that you’d be installing anything new? (And if you are > running something that old, downloading over TLS shouldn’t be your top > priority problem). > > > Ask > -- David Golden Twitter/IRC/GitHub: @xdg
Re: What happens to CPAN clients when TLS 1.2 is required?
> On Apr 24, 2018, at 18:11 , David Golden wrote: > > But when they do opt into TLS, it's 1.2 required, right? Sure, but … TLS 1.2 is almost ten years old. 1.1 is only barely older. What operating systems don’t support TLS 1.2, but are otherwise functional / reasonable enough that you’d be installing anything new? (And if you are running something that old, downloading over TLS shouldn’t be your top priority problem). Ask
Re: What happens to CPAN clients when TLS 1.2 is required?
Thanks! But when they do opt into TLS, it's 1.2 required, right? On Tue, Apr 24, 2018, 8:45 PM Ask Bjørn Hansen wrote: > www.cpan.org only forces TLS on modern browsers and the “user visible” > pages. The index and distributions are TLS optional. > > -- > http://askask.com/ > > On Apr 24, 2018, at 11:52, David Golden wrote: > > A colleague wrote this article about Python, which also uses Fastly: > https://pyfound.blogspot.com/2017/01/time-to-upgrade-your-python-tls-v12.html > > I realize that a lot of clients may not even use TLS for CPAN downloads, > but for those that do, will they be in for a surprise when our cpan.org > and metacpan.org Fastly-backed CPAN mirrors stop serving insecure TLS > traffic? > > David > > -- > David Golden Twitter/IRC/GitHub: @xdg > >
Re: What happens to CPAN clients when TLS 1.2 is required?
www.cpan.org only forces TLS on modern browsers and the “user visible” pages. The index and distributions are TLS optional. -- http://askask.com/ > On Apr 24, 2018, at 11:52, David Golden wrote: > > A colleague wrote this article about Python, which also uses Fastly: > https://pyfound.blogspot.com/2017/01/time-to-upgrade-your-python-tls-v12.html > > I realize that a lot of clients may not even use TLS for CPAN downloads, but > for those that do, will they be in for a surprise when our cpan.org and > metacpan.org Fastly-backed CPAN mirrors stop serving insecure TLS traffic? > > David > > -- > David Golden Twitter/IRC/GitHub: @xdg
Re: What happens to CPAN clients when TLS 1.2 is required?
Hi, https://metacpan.org/ and http[s]://[back|c]pan.metacpan.org/ dropped everything that isn't TLS 1.2 a little while ago.. - https://www.ssllabs.com/ssltest/analyze.html?d=metacpan.org&s=151.101.130.217 - https://www.ssllabs.com/ssltest/analyze.html?d=cpan.metacpan.org&s=151.101.130.217&latest Looks like https://www.cpan.org is as well - https://www.ssllabs.com/ssltest/analyze.html?d=www.cpan.org&s=151.101.194.49&latest So I think we've done this. Leo On 24 April 2018 at 19:52, David Golden wrote: > A colleague wrote this article about Python, which also uses Fastly: > https://pyfound.blogspot.com/2017/01/time-to-upgrade-your- > python-tls-v12.html > > I realize that a lot of clients may not even use TLS for CPAN downloads, > but for those that do, will they be in for a surprise when our cpan.org > and metacpan.org Fastly-backed CPAN mirrors stop serving insecure TLS > traffic? > > David > > -- > David Golden Twitter/IRC/GitHub: @xdg >
