Welcome, Guest. Please login or register.

Author Topic: -Amiga SSL Certificate Update  (Read 1363 times)

Description:

0 Members and 1 Guest are viewing this topic.

Offline Dandy

  • Hero Member
  • *****
  • Join Date: Apr 2004
  • Posts: 1221
    • Show all replies
    • http://www.wiehltalbahn.de/en/
Re: -Amiga SSL Certificate Update
« on: November 26, 2015, 12:07:09 PM »
Quote from: LoadWB;799159


For what it's worth, it's not an SSL certificate that needs to be updated, but the AmiSSL suite altogether (i believe IBrowse uses AmiSSL, it's been so long I can't remember.)  It only supports up to SSLv3, which has been deprecated industry-wide as it has numerous exploitable flaws, including an error in the block-ciphers which cannot be fixed as it is ingrained in the protocol itself.
...

tl;dr: AmiSSL needs to be updated to support TLSv1.2.



An SSL update is not just urgently required for IBrowse, but also e.g. for YAM.

Currently it is not possible to access securepop and securesmtp servers
with YAM 2.9p1 - all attempts result in error messages.


I may also point you to the discusion drummerboy started at AmigaWorld.net, where I came to this conclusion:

"So what we would urgently need for our classic AmigaOS 3.x systems is something based on at least TLS 1.2 / OpenSSL v1.0.2d."
All the best,

Dandy

Website maintained by me

If someone enjoys marching to military music, then I already despise him. He got his brain accidently - the bone marrow in his back would have been sufficient for him! (Albert Einstein)