Opened 4 years ago

Closed 3 years ago

#16350 closed task (fixed)

Disable TLS 1.0/1.1 on dev.haiku-os.org

Reported by: Coldfirex
Owned by: nielx
Priority: normal
Milestone:
Component: Website/Trac
Version:
Keywords:
Cc:
Blocked By:
Blocking:
Platform: All

Description

Per best security practices we should look into disabling TLS 1.0 and 1.1 on dev.haiku-os.org. It is already disabled on the main website.

Change History (8)

comment:1 by nielx, 4 years ago

Could you make the case for this?

comment:2 by Coldfirex, 4 years ago

Because it has known security issues, the security community has been advising everyone to disable it for years, and all web browsers are planning on dropping support for it.

comment:3 by nielx, 4 years ago

Have you checked Haiku's support for TLS 1.2 and up?

comment:4 by Coldfirex, 4 years ago

No, but if the main website pulls up under Haiku then it is supported (it is TLS 1.2+ only).

comment:5 by Coldfirex, 3 years ago

Think we could shoot for this after we get Beta 3 out? I can't make the changes, but I am familiar with performing this on different OSes and web servers if assistance is required.

comment:6 by nielx, 3 years ago

Status: new → in-progress

comment:7 by nephele, 3 years ago (in reply to: comment:3)

Replying to nielx:

> Have you checked Haiku's support for TLS 1.2 and up?

Haiku does not support TLS 1.0, only 1.1 and up.
We should support 1.2 fine afaik. (I was under the impression 1.1 was disabled too, but apparently not :)

https://git.haiku-os.org/haiku/tree/src/kits/network/libnetapi/SecureSocket.cpp#n354

comment:8 by nielx, 3 years ago

Milestone: Unscheduled
Resolution: fixed
Status: in-progress → closed