Re: Making www.cpan.org TLS-only

Uh, there’s no “SSL” anymore. The newer versions of SSL have been “TLS” since the end of the nineties. https://en.wikipedia.org/wiki/Transport_Layer_Security That being said, the suggested change here is to require HTTPS for www.cpan.org by redirecting all plain-text HTTP requests to the HTTPS

Re: Making www.cpan.org TLS-only

On one hand SSL (especially openssl) has received a lot of negative publicity about being insecure, so your proposal has merit. The counter argument is that Perl and CPAN strive to be relevant for ancient, old, young and brand-spanking-new installations. Forcing TLS would likely break some older

Re: Making www.cpan.org TLS-only

> On Aug 31, 2017, at 19:44, James E Keenan wrote: > > To be honest, I had no idea what 'TLS' meant when I first read this message. > So I can't say anything one way or the other about your proposal. > > I suspect I'm not alone in this. I would encourage you to post in a

Re: Making www.cpan.org TLS-only

On 08/31/2017 09:10 PM, Ask Bjørn Hansen wrote: Hi everyone, We’re considering how/how-much we can make www.cpan.org TLS-only. http://log.perl.org/2017/08/tls-only-for-wwwcpanorg.html I expect that we can’t make the whole site TLS-only without breaking some CPAN clients, so the conservative

Making www.cpan.org TLS-only

Hi everyone, We’re considering how/how-much we can make www.cpan.org TLS-only. http://log.perl.org/2017/08/tls-only-for-wwwcpanorg.html I expect that we can’t make the whole site TLS-only without breaking some CPAN clients, so the conservative version is to force TLS for - any url ending in