On Monday, 20 December 2021 23:32:57 CET A. F. Cano wrote: > > FreedomBox 21.9 (2021-09-18) removed support for SSLv3, TLSv1 and > > TLSv1.1. > > > > https://wiki.debian.org/FreedomBox/ReleaseNotes#FreedomBox_21.9_.282021-09 > > -18.29 > > > > After upgrading to 21.9, I also found my tt-rss Android client (1.301- > > fdroid) stopped working (SSLProtocolException:SSL handshake) on my > > old phone frozen in time at Android 4.3. I think older phones stuck at > > older versions of Android are just out of luck. > > Well, that explains it. Thanks for clarifying.
https://salsa.debian.org/freedombox-team/freedombox/-/commit/ 956b17da062715990024684be6c969c4e40d21c7 is the commit where that happened. You _could_ remove "-TLSv1.1" from the SSLProtocol line (39), but do realize that if you do that, you ARE compromising the security of your freedombox! (which you can verify by doing another test at ssllabs.com) I agree with the freedombox decision to disable TLSv1.1* and lower by default and if you decide to change the configuration, only do it as a temporary thing to give you some extra time to upgrade your phone's OS, after which you should disable TLSv1.1 again. > Disappointing, as radicale was workin quite nicely. I understand it's inconvenient, but what it actually showed you is that the security of your phone's OS is bad. >From https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.0 : "In October 2018, Apple, Google, Microsoft, and Mozilla jointly announced they would deprecate TLS 1.0 and 1.1 in March 2020." There's a good chance various things already stopped working for you and it'll only get 'worse' for you, but better for security, over time. HTH *) https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982745
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Freedombox-discuss mailing list Freedombox-discuss@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/freedombox-discuss
