mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

comment

Browse source
This commit is contained in:
Joey Hess 2024-10-22 13:54:54 -04:00
parent 6a78f245ad
commit cf7e6835ca
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38
1 changed files with 17 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

17
doc/bugs/tls__58___peer_does_not_support_Extended_Main_Secret/comment_3_88789e5ee89a6229d1b4e31ecbc1a4a3._comment Normal file
View file

@ -0,0 +1,17 @@
[[!comment format=mdwn
username="joey"
subject="""comment 3"""
date="2024-10-22T17:39:17Z"
content="""
git-annex builds with stack have used tls-2.0.x since August. I think many
other builds are still using older tls from before this change, eg Debian
is still on tls-1.8.0.
So it's possible that more outdated servers will be causing problems as
things continue to upgrade. It seems worth leaving this bug open for now.
Also it seems pretty clear that TLS 1.2 without EMS is insecure, but I
don't know if the insecurity is of a kind that is likely to affect
git-annex users. Bearing in mind that git-annex can be used to upload
sensitive information to HTTP servers, caution is warrented.
"""]]