oss-sec mailing list archives

Re: feedback requested regarding deprecation of TLS 1.0/1.1


From: Dan Kegel <dank () kegel com>
Date: Wed, 7 Aug 2024 07:28:00 -0700

https://www.reddit.com/r/browsers/comments/r5vzqx/any_browsers_left_that_can_do_ssl_1020/
has some non-medical examples of impacted devices, and a workaround using
firefox... which might still work.  If it does, it could be mentioned in
release notes as a courtesy to possibly affected users.

On Wed, Aug 7, 2024, 6:28 AM Jeffrey Walton <noloader () gmail com> wrote:

On Wed, Aug 7, 2024 at 8:44 AM Chad Sheridan <chadapsheridan () gmail com>
wrote:

As a sysadmin, I welcome all of the changes. As far as warnings/alerts, I
can safely say, most of our clients don't read them anyway.

Can those machines be put behind a proxy?

As for this, of course they can, but some clients will be tied up with so
much red tape and budgetary BS that it's a solution that isn't feasible
in
a reasonable time frame.

++. Medical devices certified 10 or 15 years ago won't be able to
pivot as quickly as most people would like. And as I understand
things, the certifications for medical equipment can be lengthier and
more expensive than NIST's Cryptographic Module Validation Program.

(It's somewhat amazing how often Windows CE and Windows Mobile crop up
every now and again).

Jeff


Current thread: