1 |
On Fri, Feb 12, 2021, 04:37 Joonas Niilola <juippis@g.o> wrote: |
2 |
> |
3 |
> Hey, |
4 |
> |
5 |
> First of all I'm asking because I don't know, but are there any |
6 |
> technical limitations why we should still be showing http:// mirrors |
7 |
> when https:// is available? I've just gone through multiple mirrors |
8 |
> listed in https://www.gentoo.org/downloads/mirrors/ and most of them |
9 |
> even redirect http requests to their https site. |
10 |
> |
11 |
|
12 |
So my recollection is that on the install media, openssl has |
13 |
USE=bindist[0] set, which prevents installation of EC TLS support. I |
14 |
expect this to be resolved ..hopefully this year. The impact is that |
15 |
on the installation media, you may not be able to talk to servers that |
16 |
*only* offer EC-based TLS, as the openssl on the installation media |
17 |
does not support EC-based TLS. |
18 |
|
19 |
[0] Because patents, which may or may not be expired. See |
20 |
http://bugs.gentoo.org/531540 |