Andrew Colvin wrote:
TLS1.0 and 1.1 are depricated
1) Where do you see that TLS1.1 is deprecated? I see that for TLS1l.0 but not 1.1. Nevertheless, TLS1.2 is available. and most websites have them turned off for
security reasons the same as SSL version. The old browser may also not be ale to negotiate with the SHA2 certs as SHA1 is also past it life and most browsers and sites no longer support so if your browser cannot handle SHA2 then you will not connect. Aditionally you may have old cipher support only and many of these are disabled on the servers for the health of the server.
Those are all fine and good if they were true. But no other sites that I have found have problems with my security ciphers or hashes. Of *KEY* importance here is that one of the main reasons for moving sites to "https", was the insistence of Google for "https everywhere". One would think that one or many of their sites would fail in the same way if my browser didn't support new enough algorithms. The fact that they don't -- and it is google that is pushing for this security, AND the fact that other sites like my bank, credit-card, private-health and commerce sites don't have a problem with my browser. If they thought it was a security risk, wouldn't they be among the first to implement changes? This is why I leaning toward believing that it is something specifically wrong with how suse & opensuse have upgraded their website security.
All things to check out
More to the point -- if I did try to fix something specifically to make suse work, there is the distinct possibility that I might break other websites -- whereas now suse is the only one with a problem. In debugging problems, you look at "what changed" and if the problem can be reproduced elsewhere. We know that several of the [open]suse.[org|com] websites had https-security changes and that it has affected other people than just me. Also, I'm unable to reproduce it with the same browser on other sites. That would point to the problem being with the recent https changes made by suse/opensuse admins. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org