One of my power distribution units (PDUs) has a web-based interface. Not strictly because of this announcement, but I’m no longer able to use Firefox to access it–the SSL/TLS supported by the PDU and the SSL/TLS supported by Firefox no longer overlap.
By and large all of our network equipment is configured over serial, rather than https, but this one exception is now twice noteworthy to me–both in being web-based rather than serial and in speaking a no longer supported dialect of https.
I think anything “legacy” (like your case) or “retro” (trying to browse the modern web on Windows 98) in the TLS world will soon require (MitM) proxying.
This seems like the sensible solution to me to scary unpatchable crap kit. If the vendor can’t or won’t patch a given box any more, put another box in between it and the rest of the scary scary world which you can patch whose purpose is to let absolutely minimum traffic touch the insecure bit.
Good prediction. The RTOS vendors are already doing offerings for stuff like that for embedded and IoT markets. Gateway-style products.
This is excellent (and also a great justification for people to use telemetry in Free / Open Source software).
Only trillions? I’m not sure why, but I expected more.