Am 11.11.21 um 14:59 schrieb Jim Jagielski: > Wild question: Why do we even need TLS? I know, I know, that there is this > push for SSL everywhere, but really, despite what the powers behind the "new > internet" think, not all comms require TLS. > > But Ok, with that off my chest :) > > So we think/know that OpenSSL1.1 would NOT have that problem because it works > around the LetsEncrypt issue. Which means we have 2 options: > > 1. Stay w/ OpenSSL 1.0.2 and use the LE hack mentioned in this thread > 2. Upgrade all to OpenSSL 1.1
In the short term we should do 1. We would need to ask SourceForge if they can configure the certificates for the extension site as mentioned. And we should start to move our Update Feed locations to a seperate server which also could have older TLS enabled. I still think we should work on 2. somehow. > > My assumption is that dropping Serf for Curl wouldn't make a difference since > both use OpenSSL > >> On Nov 11, 2021, at 8:46 AM, Matthias Seidel <matthias.sei...@hamburg.de> >> wrote: >> >> Hi Jim, >> >> Am 11.11.21 um 14:16 schrieb Jim Jagielski: >>> According to the serf mailing list, there are issues, at least with the >>> test suite. >>> >>> Can someone confirm that AOO42X/trunk do NOT have the problem? It would be >>> a lot easier to back port the openssl and apr/serf stuff from those >>> branches to AOO41X than upgrade all to openssl1.1/serf1.3.9 >> I just started my xubuntu VM with AOO 4.2.0 and it has the same problem. >> No connection to our Update Feed/Extension site. >> >>>> On Nov 11, 2021, at 7:35 AM, Arrigo Marchiori <ard...@yahoo.it.INVALID> >>>> wrote: >>>> >>>> Hello Jim, All, >>>> >>>> On Wed, Nov 10, 2021 at 01:19:16PM -0500, Jim Jagielski wrote: >>>> >>>>> To be honest, I think we are *stuck* with OpenSSL 1.0.2 until Serf >>>>> is upgraded to support 1.1 >>>> Sorry... do you mean _our_ serf? >>>> >>>> Because serf 1.3.9 seems to build and run fine standalone with openssl >>>> 1.1.1. >>>> >>>> Thank you in advance for making this clear. >>>> >>>> Best regards, >>>> -- >>>> Arrigo >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org >>>> For additional commands, e-mail: dev-h...@openoffice.apache.org >>>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org >>> <mailto:dev-unsubscr...@openoffice.apache.org> >>> For additional commands, e-mail: dev-h...@openoffice.apache.org >>> <mailto:dev-h...@openoffice.apache.org>
smime.p7s
Description: S/MIME Cryptographic Signature
