Re: What happens to CPAN clients when TLS 1.2 is required?

2018-04-25 Thread David Golden 
It's been an issue at work for darwin.  Unless something uses
SecureTransport (which the Perl TLS stack doesn't), older versions of OS X
have openssl 0.9.x (though eventually no headers to build with).  Hopefully
Perl people building Net::SSLeay on OS X are using macports/homebrew to get
something newer.

On Wed, Apr 25, 2018 at 2:21 AM, Ask Bjørn Hansen  wrote:

>
>
> On Apr 24, 2018, at 18:11 , David Golden  wrote:
>
> But when they do opt into TLS, it's 1.2 required, right?
>
>
> Sure, but … TLS 1.2 is almost ten years old. 1.1 is only barely older.
> What operating systems don’t support TLS 1.2, but are otherwise functional
> / reasonable enough that you’d be installing anything new?  (And if you are
> running something that old, downloading over TLS shouldn’t be your top
> priority problem).
>
>
> Ask
>



-- 
David Golden  Twitter/IRC/GitHub: @xdg

Re: What happens to CPAN clients when TLS 1.2 is required?

2018-04-25 Thread Ask Bjørn Hansen 


> On Apr 24, 2018, at 18:11 , David Golden  wrote:
> 
> But when they do opt into TLS, it's 1.2 required, right?

Sure, but … TLS 1.2 is almost ten years old. 1.1 is only barely older.  What 
operating systems don’t support TLS 1.2, but are otherwise functional / 
reasonable enough that you’d be installing anything new?  (And if you are 
running something that old, downloading over TLS shouldn’t be your top priority 
problem).


Ask

Re: What happens to CPAN clients when TLS 1.2 is required?

2018-04-24 Thread David Golden 
Thanks!

But when they do opt into TLS, it's 1.2 required, right?

On Tue, Apr 24, 2018, 8:45 PM Ask Bjørn Hansen  wrote:

> www.cpan.org only forces TLS on modern browsers and the “user visible”
> pages. The index and distributions are TLS optional.
>
> --
> http://askask.com/
>
> On Apr 24, 2018, at 11:52, David Golden  wrote:
>
> A colleague wrote this article about Python, which also uses Fastly:
> https://pyfound.blogspot.com/2017/01/time-to-upgrade-your-python-tls-v12.html
>
> I realize that a lot of clients may not even use TLS for CPAN downloads,
> but for those that do, will they be in for a surprise when our cpan.org
> and metacpan.org Fastly-backed CPAN mirrors stop serving insecure TLS
> traffic?
>
> David
>
> --
> David Golden  Twitter/IRC/GitHub: @xdg
>
>

Re: What happens to CPAN clients when TLS 1.2 is required?

2018-04-24 Thread Leo Lapworth 
Hi,

https://metacpan.org/ and http[s]://[back|c]pan.metacpan.org/ dropped
everything that isn't TLS 1.2 a little while ago..

-
https://www.ssllabs.com/ssltest/analyze.html?d=metacpan.org=151.101.130.217

-
https://www.ssllabs.com/ssltest/analyze.html?d=cpan.metacpan.org=151.101.130.217

Looks like https://www.cpan.org is as well

-
https://www.ssllabs.com/ssltest/analyze.html?d=www.cpan.org=151.101.194.49

So I think we've done this.

Leo





On 24 April 2018 at 19:52, David Golden  wrote:

> A colleague wrote this article about Python, which also uses Fastly:
> https://pyfound.blogspot.com/2017/01/time-to-upgrade-your-
> python-tls-v12.html
>
> I realize that a lot of clients may not even use TLS for CPAN downloads,
> but for those that do, will they be in for a surprise when our cpan.org
> and metacpan.org Fastly-backed CPAN mirrors stop serving insecure TLS
> traffic?
>
> David
>
> --
> David Golden  Twitter/IRC/GitHub: @xdg
>