神刀安全网

Peter Zaitsev: El5 and why we’ve had to enable TLSv1.0 again

Peter Zaitsev: El5 and why we’ve had to enable TLSv1.0 again We have had to revert back to TLSv1.0.

If you saw my previous post on TLSv1.0 ( https://www.percona.com/blog/2016/05/23/percona-disabling-tlsv1-0-may-31st-2016/ ), you’ll know I  wanted to deprecate TLSv1.0 well ahead of PCI’s changes. We made the changes  May 31st .

Unfortunately, it has become apparent that EL 5, which is in the final phases of End Of Life, does not support TLSv1.1 or TLSv1.2. As such, I have had to re-enable TLSv1.0 support so that these users employing EL 5 can still receive updates from our repositories.

If you are running EL 5 (RHEL 5 / CentOS 5 / Scientific Linux 5 / etc …), I encourage you to update as soon as possible. As of March 31st, 2017 there will be no more updates at all, and at present EL 5 is effectively receiving very few updates . It also has known vulnerabilities.

Removal of TLSv1.0 support will now take place March 31st, 2017. If there are any EL 5 backports that bring support for TLSv1.1 / TLSv1.2 in the interim, I will seek to remove support earlier.

转载本站任何文章请注明:转载至神刀安全网,谢谢神刀安全网 » Peter Zaitsev: El5 and why we’ve had to enable TLSv1.0 again

分享到:更多 ()

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址