TLS: v1.2 and updated cipher list #6960

ethomson · 2024-12-13T15:58:53Z

This mandates TLS v1.2 (or better) in all providers, and updates the default supported cipher list to the most recent "intermediate" configuration from Mozilla's SSL cipher list, which is "recommended configuration for a general-purpose server".

https://wiki.mozilla.org/Security/Server_Side_TLS

This removes many outdated ciphers that are no longer practically
supported by servers, including GitHub, GitLab, and Bitbucket.

Update our default cipher list to the most recent "intermediate" configuration from Mozilla's SSL cipher list, which is "recommended cnofiguration for a general-purpose server". https://wiki.mozilla.org/Security/Server_Side_TLS This removes many outdated ciphers that are no longer practically supported by servers, including GitHub, GitLab, and Bitbucket.

ethomson changed the title ~~TLS:~~ TLS: v1.2 and updated cipher list Dec 13, 2024

ethomson mentioned this pull request Dec 13, 2024

mbedTLS 3.6 handshake failure (40) during TLS negotiation #6950

Closed

ethomson force-pushed the ethomson/tls branch 3 times, most recently from 2412a15 to c5ef96c Compare December 13, 2024 16:22

ethomson added 2 commits December 16, 2024 10:03

security: require TLSv1.2 or higher

8332249

ethomson force-pushed the ethomson/tls branch from c5ef96c to e014b10 Compare December 16, 2024 10:07

ethomson merged commit 0c48276 into main Dec 16, 2024
19 checks passed

ethomson deleted the ethomson/tls branch December 16, 2024 10:39

ethomson added the security label Dec 16, 2024

BrewTestBot mentioned this pull request Dec 28, 2024

libgit2 1.9.0 Homebrew/homebrew-core#202651

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

TLS: v1.2 and updated cipher list #6960

TLS: v1.2 and updated cipher list #6960

TLS: v1.2 and updated cipher list #6960

TLS: v1.2 and updated cipher list #6960

Conversation