Defect #30255
closedThis site can’t provide a secure connection www.redmine.org uses an unsupported protocol. ERR_SSL_VERSION_OR_CIPHER_MISMATCH
0%
Description
I'm using chrome with option --ssl-version-min=tls1.2
And can't access to https://www.redmine.org/
The vulnerabilities within SSL and early TLS are serious.
Please update your SSL/TLS configuration.
!Screenshot from 2018-12-20 09-32-46.png!
!Screenshot from 2018-12-20 09-32-20.png!
I recommend you to check result with this link https://www.ssllabs.com/ssltest/analyze.html?d=www.redmine.org
Files
Updated by Go MAEDA about 6 years ago
The server must be updated in a hurry. TLS 1.1 support will be dropped by 2020 in most web browsers.
https://blog.mozilla.org/security/2018/10/15/removing-old-versions-of-tls/
https://security.googleblog.com/2018/10/modernizing-transport-security.html
https://blogs.windows.com/msedgedev/2018/10/15/modernizing-tls-edge-ie11/
https://webkit.org/blog/8462/deprecation-of-legacy-tls-1-0-and-1-1-versions/
Updated by Bernhard Rohloff about 6 years ago
The Qualys rating is really awful!
jp jp If we can help you in any kind of way don't feel afraid to ask. :-)
Updated by Anatolii Vorona about 6 years ago
Updated by Franklin Yu almost 6 years ago
There has been an issue #29202, but it was marked as duplicate of an internal issue.
Updated by Jan Niggemann (redmine.org team member) about 5 years ago
jp jp: We have 6 months before TLS 1.1 support is dropped. How can we assist you / what can we do to get the server updated?
Updated by Go MAEDA almost 5 years ago
- Status changed from New to Closed
- Resolution set to Fixed
www.redmine.org now supports TLS 1.2.
$ curl --tlsv1.2 --head https://www.redmine.org/ HTTP/1.1 200 OK Date: Fri, 10 Jan 2020 02:15:59 GMT Server: Apache X-UA-Compatible: IE=Edge,chrome=1 . . .