[Freedombox-discuss] Cannot connect to radicale from phones after installing new image.
Diederik de Haas
didi.debian at cknow.org
Tue Dec 21 14:00:27 GMT 2021
On Monday, 20 December 2021 23:32:57 CET A. F. Cano wrote:
> > FreedomBox 21.9 (2021-09-18) removed support for SSLv3, TLSv1 and
> > TLSv1.1.
> >
> > https://wiki.debian.org/FreedomBox/ReleaseNotes#FreedomBox_21.9_.282021-09
> > -18.29
> >
> > After upgrading to 21.9, I also found my tt-rss Android client (1.301-
> > fdroid) stopped working (SSLProtocolException:SSL handshake) on my
> > old phone frozen in time at Android 4.3. I think older phones stuck at
> > older versions of Android are just out of luck.
>
> Well, that explains it. Thanks for clarifying.
https://salsa.debian.org/freedombox-team/freedombox/-/commit/
956b17da062715990024684be6c969c4e40d21c7 is the commit where that happened.
You _could_ remove "-TLSv1.1" from the SSLProtocol line (39), but do realize
that if you do that, you ARE compromising the security of your freedombox!
(which you can verify by doing another test at ssllabs.com)
I agree with the freedombox decision to disable TLSv1.1* and lower by default
and if you decide to change the configuration, only do it as a temporary thing
to give you some extra time to upgrade your phone's OS, after which you should
disable TLSv1.1 again.
> Disappointing, as radicale was workin quite nicely.
I understand it's inconvenient, but what it actually showed you is that the
security of your phone's OS is bad.
>From https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.0 :
"In October 2018, Apple, Google, Microsoft, and Mozilla jointly announced they
would deprecate TLS 1.0 and 1.1 in March 2020."
There's a good chance various things already stopped working for you and it'll
only get 'worse' for you, but better for security, over time.
HTH
*) https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982745
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: This is a digitally signed message part.
URL: <http://alioth-lists.debian.net/pipermail/freedombox-discuss/attachments/20211221/3e3059aa/attachment.sig>
More information about the Freedombox-discuss
mailing list