infra-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Harui (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (INFRA-16640) Problem reading https://www.apache.org/dist/flex/4.16.1/binaries/apache-flex-sdk-installer-config.xml
Date Wed, 13 Jun 2018 15:37:00 GMT

     [ https://issues.apache.org/jira/browse/INFRA-16640?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Alex Harui closed INFRA-16640.
------------------------------
    Resolution: Not A Problem

I think the ActionScript code we are using relied on TLS1.0 so we will have to upgrade our
code.

> Problem reading https://www.apache.org/dist/flex/4.16.1/binaries/apache-flex-sdk-installer-config.xml
> -----------------------------------------------------------------------------------------------------
>
>                 Key: INFRA-16640
>                 URL: https://issues.apache.org/jira/browse/INFRA-16640
>             Project: Infrastructure
>          Issue Type: Bug
>          Components: Dists
>            Reporter: Alex Harui
>            Priority: Major
>
> Flex has ActionScript code that accesses the URL in the subject.  Starting in early May
we started receiving reports that this code no longer works.  HTTP works, but HTTPS does not.
 There is a report that accessing via HTTPS on flex.a.o with this code also fails but HTTP
is ok.
> AFAICT, this code has been in use since 2015.  So I'm wondering of something changed.
 The code uses a custom TLS1.0 implementation.  I'm wondering of something changed that could
break that code.
> I saw here https://blog.pcisecuritystandards.org/are-you-ready-for-30-june-2018-sayin-goodbye-to-ssl-early-tls
that early TLS is supposed to go away soon, so I was wondering if changes related to that
have been happening at Apache.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message