[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] Deprecate TLS 1.0 and TLS 1.1
From: |
Tim Rühsen |
Subject: |
Re: [Bug-wget] Deprecate TLS 1.0 and TLS 1.1 |
Date: |
Sun, 15 Jul 2018 11:07:20 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 |
On 14.07.2018 23:57, Jeffrey Walton wrote:
> On Tue, Jun 19, 2018 at 6:44 AM, Loganaden Velvindron <address@hidden> wrote:
>> ...
>> As per:
>> https://tools.ietf.org/html/draft-moriarty-tls-oldversions-diediedie-00
>>
>> Attached is a tentative patch to disable TLS 1.0 and TLS 1.1 by
>> default. No doubt that this will cause some discussions, I'm open to
>> hearing all opinions on this.
>
> What will users do?
>
> I'm guessing most will turn to --no-check-certificate or HTTP, which
> has the net effect of removing security, not improving it.
>
> Stack Overflow is littered with the --no-check-certificate answer for
> questions ranging from "how do I use wget to download a file" to "how
> do I make my PHP work again".
This is to accept "broken / misused" certificates (lifetime exceeded,
wrong domain, etc.) - but maybe I am wrong. Could you explain what the
TLS version has to do with this ? AFAICS, if a server doesn't speak
TLS1.2, this option this option isn't of any use.
Regards, Tim
signature.asc
Description: OpenPGP digital signature