Comments (6)
See #110 and https://github.com/matrix-org/synapse/issues/8316 🙂
from matrix-federation-tester.
Yeah, openssl 0.9.x doesn't have tls1.2; I guess that would be anyone on an ancient centos6 install, but even that has openssl1 as an official rpm. Considering the first security advice you read for securing services is disabling tls1.1, that's some old unsupported stuff right there (be nice if they got a warning, but joys of legacy software).
Thanks for the tickets!
I could totally believe that I'm just remembering the situation from 2014 or whenever the last time this came up was! When/if we get time to look at the tickets we'll try and figure out the appropriate bounds, which may well include 1.2.
Thanks for flagging this! 👍 Will close this in favour of the others now though
The problem with putting such a strong requirement on your TLS handshake is that there will be a bunch of matrix servers out there who can't speak TLS 1.2, and this will break federation for them. Now ideally we should put some guidance out about what the minimum versions should be, but I doubt enough of the world speaks 1.2 for it to be considered as a viable minimum.
Fixing the federation tester to speak 1.2 won't help with any of that, so I'm not sure it'd be an advantage to fix it.
Future proofing? Maybe a warning "your ciphers are too strong for federation use". I only raised this because whilst trying to diagnose my connection, this failing was a red herring is all.
Also, who can't speak tls1.2 out of interest? Is that some kind of python2/centos6 aged type thing?
Also handy for private homeserver groups that don't talk to the general populace (arguably).
Yeah, agreed that it'd be useful to make the federation tester check for TLS compatibility (assuming we make some guidelines). Will file a new issue about it.
> Also, who can't speak tls1.2 out of interest? Is that some kind of python2/centos6 aged type thing?
I think some older versions of distros use openssl 0.9.x versions which don't support it? Or something, I haven't really looked recently if I'm honest.
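An added example, not part of the comments above and not code from matrix-federation-tester: a per-version TLS compatibility probe of the kind discussed in this thread, showing that a server with a TLS 1.2 floor fails the handshake with any client limited to TLS 1.0/1.1. The names `Probe`, `handshakes` and `throwawayCert` are hypothetical, and the server is a constructed in-memory one with a throwaway certificate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// throwawayCert builds a self-signed certificate for the constructed in-memory server.
func throwawayCert() tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// handshakes reports whether a client pinned to exactly ver connects to a server with floor serverMin.
func handshakes(cert tls.Certificate, serverMin, ver uint16) bool {
	c, s := net.Pipe()
	defer c.Close()
	go func() {
		defer s.Close()
		// Tickets are disabled because net.Pipe is unbuffered: nothing may follow the handshake.
		tls.Server(s, &tls.Config{Certificates: []tls.Certificate{cert},
			MinVersion: serverMin, SessionTicketsDisabled: true}).Handshake()
	}()
	c.SetDeadline(time.Now().Add(5 * time.Second)) // never hang on a stalled peer
	// Verification is skipped only because this probe tests protocol versions, not identity.
	return tls.Client(c, &tls.Config{MinVersion: ver, MaxVersion: ver, InsecureSkipVerify: true}).Handshake() == nil
}

// Probe maps each TLS version ID (0x0301 = 1.0 ... 0x0304 = 1.3) to whether the server accepted it.
func Probe(serverMin uint16) map[uint16]bool {
	cert, out := throwawayCert(), map[uint16]bool{}
	for v := uint16(tls.VersionTLS10); v <= tls.VersionTLS13; v++ {
		out[v] = handshakes(cert, serverMin, v)
	}
	return out
}

func main() { fmt.Printf("%#v\n", Probe(tls.VersionTLS12)) }
```

Reporting the result per version lets a checker say "this server accepts nothing below TLS 1.2" instead of surfacing a bare handshake failure.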