Results 1 to 9 of 9
Like Tree7Likes
  • 2 Post By bbito
  • 2 Post By dkirker
  • 1 Post By jonwise80
  • 1 Post By Preemptive
  • 1 Post By Preemptive
  1.    #1  
    Apple, Google, Microsoft, and Mozilla come together to end TLS 1.0 | Ars Technica
    Almost everyone has now migrated to TLS 1.2, and a few have moved to TLS 1.3.

    Some have noted that the old browser now has problems connecting to some websites. There could be multiple reasons for this. For example, they might be almost entirely javascript and a version newer than that supported by webOS.

    This thread: https://forums.webosnation.com/webos...on-t-load.html seeks ways to enable access to some https sites via a proxy. If workable, it limits access to a home wifi network - not ideal for a mobile phone. If it is a system problem, a system fix is needed.

    It appears that Google & others are also seeking to mark many sites as insecure if they do not use https (even if they don't really need to). https://developers.google.com/web/up...ot-secure-warn

    So sites are under pressure to switch to https and that will mean TLS 1.2 at minimum by 2020.
    1. Is that a problem for Legacy webOS? The article linked at the top states that TLS 1.2 was released in 2008 and 1.3 is only recently finalised. It seems reasonable to assume that (unpatched) webOS supports 1.2. (or maybe not!)
    2. Is it a certificate problem? We have the OSSL update and a new root certificate bundle.
    3. Is it a problem with the TLS system communicating with the OSSL update?
    4. Or what exactly is the problem?
    Last edited by Preemptive; 10/23/2018 at 12:12 PM.
  2. #2  
    I think it has something to do with the native browser. I can connect to eBay using the qt-browser but not the native one. I don't know if that helps at all. (using a pre 3 with 2.2.4)
  3. #3  
    However, I am unable to connect to Posteo (for cal/cardDAV syncing) using the C+DAV Sync App due to the node (or something else, maybe TLS?) being too old.
  4. #4  
    Quote Originally Posted by Preemptive View Post
    It seems reasonable to assume that (unpatched) webOS supports [TLS] 1.2. (or maybe not!)
    webOS 2.2.4 Stock browser with OpenSSL Updater installed I get:
    Protocols
    TLS 1.3 No
    TLS 1.2 No
    TLS 1.1 No
    TLS 1.0 Yes
    SSL 3 Yes
    SSL 2 No

    From https://www.ssllabs.com/ssltest/viewMyClient.html
    NuclearKev and Preemptive like this.
  5. #5  
    I left a comment here the other day: https://forums.webosnation.com/webos...ml#post3454390

    The QT based browsers work because they are using a new version of libssl and libcrypto. However, Palm directly accessed a few data structures internal to the library and those changed a little, so a patch would beed to be applied to the OpenSSL source to accommodate that. I started looking up all of the variables that were directly accessed, but that is as far as I have gotten so far.
    Did you know:

    webOS ran on a Treo 800 during initial development.
    NuclearKev and Preemptive like this.
  6. Shuswap's Avatar
    Posts
    8 Posts
    Global Posts
    45 Global Posts
    #6  
    Quote Originally Posted by NuclearKev
    I think it has something to do with the native browser. I can connect to eBay using the qt-browser but not the native one. I don't know if that helps at all. (using a pre 3 with 2.2.4)
    Slightly off-topic, but AuctionMate still works.
    Last edited by Shuswap; 10/24/2018 at 10:48 AM.
  7. #7  
    I got this email today...
    OutlookEndOfTLS1.png

    This will impact Outlook.com, Office365 and Hotmail users, but we have a little time. Text follows...

    As previously communicated (MC124102 in Oct 2017, MC126199 in Dec 2017 and MC128929 in Feb 2018), we are moving all of our online services to Transport Layer Security (TLS) 1.2+ to provide best-in-class encryption, and to ensure our service is more secure by default.

    [How does this affect me?]
    As of October 31, 2018, Office 365 will no longer support TLS 1.0 and 1.1. This means that Microsoft will not fix new issues found in the client, device or service that connects to Office 365 using TLS 1.0 and 1.1.

    Please note: TLS 1.0 and 1.1 will continue to function but are no longer supported. We will provide additional notification prior to retiring TLS 1.0 and 1.1 completely.

    [What do I need to do to prepare for this change?]
    You should ensure that all client-server and browser-server combinations use TLS 1.2 (or a later version) to maintain connection to Office 365 services. This may require you to update certain client-server and browser-server combinations.

    Where possible, Microsoft recommends that you remove all TLS 1.0/1.1 dependencies in your environments and that you disable TLS 1.0/1.1 at the operating system level.

    Begin your migration to TLS 1.2+, today.
    Shuswap likes this.
  8.    #8  
    Quote Originally Posted by bbito View Post
    webOS 2.2.4 Stock browser with OpenSSL Updater installed I get:
    Protocols
    TLS 1.3 No
    TLS 1.2 No
    TLS 1.1 No
    TLS 1.0 Yes
    SSL 3 Yes
    SSL 2 No

    From https://www.ssllabs.com/ssltest/viewMyClient.html
    For completeness:

    Qupzilla & Qt Browser
    TLS 1.3 No
    TLS 1.2 Yes
    TLS 1.1 Yes
    TLS 1.0 Yes
    SSL 3 No
    SSL 2 No

    Guessing our current devices will be retired before we need a TLS 1.3 update, but you never know.

    The Illustrated TLS Connection: Every Byte Explained
    Last edited by Preemptive; 10/26/2018 at 11:49 AM.
    jonwise80 likes this.
  9.    #9  
    In these situations, I often ask, "Is there anything in LuneOS we can use?". But as it's based on a minimal Android install with new tech on top, the answer is often, "No". We now have Qt5, but this may not help the system as a whole.

    But there is a complete, modern webOS out there. Can LGwebOS OSE supply the needed components?
    gazaud likes this.

Similar Threads

  1. Are there any Night Modes for WebOS like f.lux?
    By footloose man in forum HP TouchPad
    Replies: 8
    Last Post: 11/11/2018, 09:46 AM
  2. pivotCE: The New Palm phone is revealed.
    By Preemptive in forum Upcoming & Rumored webOS Devices
    Replies: 28
    Last Post: 11/08/2018, 06:43 AM
  3. A (new?) solution (/work-around) for HTTPS sites that won't load
    By jonwise80 in forum webOS Discussion Lounge
    Replies: 13
    Last Post: 10/23/2018, 12:11 PM
  4. Lg WebOS Tv out of memory error
    By jhamond987 in forum LG webOS TV
    Replies: 1
    Last Post: 10/19/2018, 02:39 PM
  5. Lg WebOS Tv out of memory error
    By Sagar Venugopal in forum LG webOS TV
    Replies: 0
    Last Post: 10/19/2018, 08:05 AM

Posting Permissions