On Sun, Jun 3, 2018 at 9:15 AM, Alexander Traud <[email protected]> wrote: > Currently, Asterisk downloads the tarball of the PJProject not from the > original source at Teluu but GitHub. GitHub forces the user to use HTTPs > instead of HTTP. This is already an issue as described in ASTERISK-27665 > because many tools authenticate the given certificate. Since February, GitHub > even requires TLS v1.2: > <https://githubengineering.com/crypto-removal-notice/>. > > By blind chance, the server used in third-party/pjproject/Makefile.rules was > not affected by this change in February. Anyway, that could change any day > without a word of caution. Still, that server forces HTTPs, too. > > Isn't it possible to move that tarball to a Digium server? This would avoid > the TLS v1.2-only issue and solve ASTERISK-27665 the cleanest way.
Good question! Is there any way to tell how many current-ish linux/*nix distributions lack TLS 1.2 support and would be impacted by github's change? If it's a large enough number, I think there'd be some interest in looking further at the problem. -- Matthew Fredrickson Digium, Inc. | Engineering Manager 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
