Just saw the original message (Outlook Web Access isn't the greatest in presenting threads). I had to do it manually but the number of settings to change was small (for a fairly simple website). I would think a sed script inside a for loop would do for a system. If you have a large number of systems then it's time to look at Puppet/Ansible/Chef. ________________________________ From: CentOS <centos-bounces@xxxxxxxxxx> on behalf of Leroy Tennison <leroy@xxxxxxxxxxxxxxxx> Sent: Friday, October 11, 2019 11:48 PM To: CentOS mailing list <centos@xxxxxxxxxx> Subject: Re: easy way to stop old ssl's Without context it's impossible to make firm statements but, having gone through this a while back (and discovering that less than 1 percent of an examined list of connections couldn't support current ssl - mainly Apple hardware), who do you want to protect? Is it the minority who won't/can't upgrade or the majority who have? And, do you have to protect yourself from liability (regulatory or contractual)? If the environment is in any way sensitive (Personally Identifiable Information, Health data, Credit Card data) then the answer is obvious. Harriscomputer Register now for the dataVoice User Conference, October 9-11 at the Gaylord Rockies in Denver, CO. To register click Here<https://www.harriscomputer.com/en/events/> Leroy Tennison Network Information/Cyber Security Specialist E: leroy@xxxxxxxxxxxxxxxx [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. ________________________________ From: CentOS <centos-bounces@xxxxxxxxxx> on behalf of Warren Young <warren@xxxxxxxxxxx> Sent: Friday, October 11, 2019 3:58 PM To: CentOS mailing list <centos@xxxxxxxxxx> Subject: [EXTERNAL] Re: easy way to stop old ssl's Harriscomputer Register now for the dataVoice User Conference, October 9-11 at the Gaylord Rockies in Denver, CO. To register click Here<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.harriscomputer.com%2fen%2fevents%2f&c=E,1,4J7-GGGBpU9KBPfPZ7bL730w7WiyJlctx6iIvi5PWH7ZM8lC_dVONfXLuYIqLeXHJdKEpUhep3pXkJ3H5aKy9zTmVcdXIuVUQwAE9dGXbSxuwQ8,&typo=1> Leroy Tennison Network Information/Cyber Security Specialist E: leroy@xxxxxxxxxxxxxxxx [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.datavoiceint.com&c=E,1,1CVIwFnqDNjeMobHyItdRlGR_7-a25a9csDCwUICadY6cNeNGWLIh7RYua2hi0wTgCsLyEWcZhDFXu0XIqOzIqg62dgI8l7698aRzx0KHSU6X2L5SVbV&typo=1<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. If you prefer not to be contacted by Harris Operating Group please notify us<https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fsubscribe.harriscomputer.com%2f&c=E,1,5g3DWaevZ_6CRMR9DZ2NvFs6mv0LUL7Ceslt7x0pEY9xRa4IkwRngZxDYuKiPPTTL5ikJeKoHbPkB7LfS3v_n8-NYxZO_2Emr5Y89EPatHmO_a2MY-Ol3A,,&typo=1>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. On Oct 11, 2019, at 2:52 PM, isdtor <isdtor@xxxxxxxxx> wrote: > >> Yes, breaking changes. Doing this *will* cut off support for older browsers. On purpose. > > Old browsers aren't really the problem. Even ff 45 (?) from CentOS5 will happily access a TLSv1.2-only server. IE 10 and older won’t, though: https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fcaniuse.com%2f%23feat%3dtls1-2&c=E,1,OoDXU9RwckHnPZSdyy1A-Mat1VYd83r6qJeujdFE_9jDKQp4hvmqnE9CbbcsCi5OsTOOx75sM1xfwvskBnYzTm7sNq1P3DnbfLyLhGR491ys6viVqTrf&typo=1 > The problem is user that have old versions of software installed with no TLSv1.2 support. SVN, python 2.7 scripts, etc. Also true. There’s a lot of stuff still linked to OpenSSL 1.0.0 and 0.98. _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos