We have had to revert back to TLSv1.0.
If you saw my previous post on TLSv1.0 ( https://www.percona.com/blog/2016/05/23/percona-disabling-tlsv1-0-may-31st-2016/ ), you’ll know I wanted to deprecate TLSv1.0 well ahead of PCI’s changes. We made the changes May 31st .
Unfortunately, it has become apparent that EL 5, which is in the final phases of End Of Life, does not support TLSv1.1 or TLSv1.2. As such, I have had to re-enable TLSv1.0 support so that these users employing EL 5 can still receive updates from our repositories.
If you are running EL 5 (RHEL 5 / CentOS 5 / Scientific Linux 5 / etc …), I encourage you to update as soon as possible. As of March 31st, 2017 there will be no more updates at all, and at present EL 5 is effectively receiving very few updates . It also has known vulnerabilities.
Removal of TLSv1.0 support will now take place March 31st, 2017. If there are any EL 5 backports that bring support for TLSv1.1 / TLSv1.2 in the interim, I will seek to remove support earlier.
转载本站任何文章请注明：转载至神刀安全网，谢谢神刀安全网 » Peter Zaitsev: El5 and why we’ve had to enable TLSv1.0 again