Re: What happens to CPAN clients when TLS 1.2 is required?
It's been an issue at work for darwin. Unless something uses SecureTransport (which the Perl TLS stack doesn't), older versions of OS X have openssl 0.9.x (though eventually no headers to build with). Hopefully Perl people building Net::SSLeay on OS X are using macports/homebrew to get something newer. On Wed, Apr 25, 2018 at 2:21 AM, Ask Bjørn Hansenwrote: > > > On Apr 24, 2018, at 18:11 , David Golden wrote: > > But when they do opt into TLS, it's 1.2 required, right? > > > Sure, but … TLS 1.2 is almost ten years old. 1.1 is only barely older. > What operating systems don’t support TLS 1.2, but are otherwise functional > / reasonable enough that you’d be installing anything new? (And if you are > running something that old, downloading over TLS shouldn’t be your top > priority problem). > > > Ask > -- David Golden Twitter/IRC/GitHub: @xdg
Re: What happens to CPAN clients when TLS 1.2 is required?
> On Apr 24, 2018, at 18:11 , David Goldenwrote: > > But when they do opt into TLS, it's 1.2 required, right? Sure, but … TLS 1.2 is almost ten years old. 1.1 is only barely older. What operating systems don’t support TLS 1.2, but are otherwise functional / reasonable enough that you’d be installing anything new? (And if you are running something that old, downloading over TLS shouldn’t be your top priority problem). Ask
Re: What happens to CPAN clients when TLS 1.2 is required?
Thanks! But when they do opt into TLS, it's 1.2 required, right? On Tue, Apr 24, 2018, 8:45 PM Ask Bjørn Hansenwrote: > www.cpan.org only forces TLS on modern browsers and the “user visible” > pages. The index and distributions are TLS optional. > > -- > http://askask.com/ > > On Apr 24, 2018, at 11:52, David Golden wrote: > > A colleague wrote this article about Python, which also uses Fastly: > https://pyfound.blogspot.com/2017/01/time-to-upgrade-your-python-tls-v12.html > > I realize that a lot of clients may not even use TLS for CPAN downloads, > but for those that do, will they be in for a surprise when our cpan.org > and metacpan.org Fastly-backed CPAN mirrors stop serving insecure TLS > traffic? > > David > > -- > David Golden Twitter/IRC/GitHub: @xdg > >
Re: What happens to CPAN clients when TLS 1.2 is required?
Hi, https://metacpan.org/ and http[s]://[back|c]pan.metacpan.org/ dropped everything that isn't TLS 1.2 a little while ago.. - https://www.ssllabs.com/ssltest/analyze.html?d=metacpan.org=151.101.130.217 - https://www.ssllabs.com/ssltest/analyze.html?d=cpan.metacpan.org=151.101.130.217 Looks like https://www.cpan.org is as well - https://www.ssllabs.com/ssltest/analyze.html?d=www.cpan.org=151.101.194.49 So I think we've done this. Leo On 24 April 2018 at 19:52, David Goldenwrote: > A colleague wrote this article about Python, which also uses Fastly: > https://pyfound.blogspot.com/2017/01/time-to-upgrade-your- > python-tls-v12.html > > I realize that a lot of clients may not even use TLS for CPAN downloads, > but for those that do, will they be in for a surprise when our cpan.org > and metacpan.org Fastly-backed CPAN mirrors stop serving insecure TLS > traffic? > > David > > -- > David Golden Twitter/IRC/GitHub: @xdg >