On Thursday, May 30, 2019 at 6:40:28 PM UTC+1, Celejar wrote: > > I see that Debian does ship the default certificate, in: > > /usr/share/perl5/Mojo/IOLoop/resources/server.crt > /usr/share/perl5/Mojo/IOLoop/resources/server.key > > Has Debian disabled it, or is there something that one needs to do to > enable it? The documentation implies that running the server as I did > should just work with the built-in certificate? >
The next Debian stable release (10/buster) is currently frozen and due for release 2019-07-06. It will be released with a system-wide minimum supported TLS version of 1.2, which the current mojolicious default https key does not support. As a result, connections over https using this certificate on current Debian testing/unstable and the next stable release "buster" will fail. As you have noticed, creating new keys that are TLS 1.2+ compliant will work. It is also possible to adjust the minimum supported TLS version on your system, but this is not recommended. I have created a PR for consideration which replaces the current keypair with one suitable for TLS 1.2+ at: https://github.com/mojolicious/mojo/pull/1371 I would also recommend that the keys used during the TEST_TLS phase of the test suite similarly be updated to support TLS 1.2+. Cheers, Nick -- You received this message because you are subscribed to the Google Groups "Mojolicious" group. To unsubscribe from this group and stop receiving emails from it, send an email to mojolicious+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/mojolicious/b89b31bc-0a60-48b7-8364-a6271c235717%40googlegroups.com.
