Welcome to MilkyWay@home

Planned Deprecation of TLS 1.0/1.1

Message boards : News : Planned Deprecation of TLS 1.0/1.1
Message board moderation

To post messages, you must log in.

AuthorMessage
Profile Tom Donlon
Volunteer moderator
Project administrator
Project developer
Project tester
Project scientist

Send message
Joined: 10 Apr 19
Posts: 408
Credit: 120,203,200
RAC: 0
Message 71455 - Posted: 10 Dec 2021, 15:55:23 UTC
Last modified: 10 Dec 2021, 23:12:02 UTC

To Sum Up: Older machines/BOINC clients may encounter issues after 12/17/2021. In order to prevent this, update your BOINC client to at least 7.210 7.2.10 by then, as well as your OpenSSL and curl libraries if necessary.

Hey Everyone,

We recently renewed the cert for the server, and we realized that the server is still supporting TLS 1.0/1.1. These services are out of date and are security hazards. We are going to end support for these services as of Friday, December 17, 2021.

What does this mean for you as a user?

Older clients may still be using old versions of SSL that need TLS 1.0 or 1.1. Once we stop supporting these services, these older clients may encounter issues when trying to communicate and/or get work from the MilkyWay@home server. In order to prevent this, you should update to at least the 7.210 7.2.10 BOINC client.

Additionally, some libraries rely on old versions of TLS. The most common of these are old versions of OpenSSL and curl. If you are running old versions of these libraries, it may be time to update them. Other libraries might also cause issues, so we will keep track of any problems that people run into here.

Overall these issues are relatively easy to fix and should only impact older systems, especially those that have not updated their libraries or BIONC clients in a long time.

Best,
Tom
ID: 71455 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
Kevin

Send message
Joined: 18 Oct 09
Posts: 1
Credit: 10,266,273
RAC: 2,184
Message 71456 - Posted: 10 Dec 2021, 16:27:05 UTC - in response to Message 71455.  
Last modified: 10 Dec 2021, 16:27:59 UTC

Hi,
Thanks for the update.
Where can we download the 7.210 client from, please?
Berkeley's web site only goes up to version 7.16.20.
ID: 71456 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
Vitalii Koshura

Send message
Joined: 15 Mar 09
Posts: 1
Credit: 12,945,023
RAC: 3,169
Message 71457 - Posted: 10 Dec 2021, 17:06:24 UTC

There is no 7.210 BOINC release. However there is 7.2.10 but it was released 2013-08-07 so it's definitely not the correct version to upgrade to.
I can confirm that for Windows 7.16.20 is a mandatory release to be installed if you want to connect to any Project, not only this one.
ID: 71457 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
Menace

Send message
Joined: 19 Aug 08
Posts: 1
Credit: 173,929,286
RAC: 0
Message 71459 - Posted: 10 Dec 2021, 18:49:36 UTC

What is this imaginary BOINC client version 7.210 you are referring to?
The latest Boinc Client available on https://boinc.berkeley.edu/download_all.php is version 7.16.20 from Oktober 17. 2021
ID: 71459 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
Profile Bill F
Avatar

Send message
Joined: 4 Jul 09
Posts: 92
Credit: 17,289,755
RAC: 3,139
Message 71460 - Posted: 10 Dec 2021, 19:14:22 UTC

Tom is probably pointing to the fact that everyone should be running version 7.2.10 or newer. There are a number of versions for different types of hardware and software that are not Windows 64 bit 7.16.20 compliant.

A full list of versions based on Hardware and OS is at the following location.

https://boinc.berkeley.edu/download_all.php

Thanks
Bill F
In October of 1969 I took an oath to support and defend the Constitution of the United States against all enemies, foreign and domestic;
There was no expiration date.


ID: 71460 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
Profile Tom Donlon
Volunteer moderator
Project administrator
Project developer
Project tester
Project scientist

Send message
Joined: 10 Apr 19
Posts: 408
Credit: 120,203,200
RAC: 0
Message 71464 - Posted: 10 Dec 2021, 23:11:18 UTC
Last modified: 10 Dec 2021, 23:12:24 UTC

Yes, sorry that's a typo. I mean version 7.2.10. I've edited the original post to make that clear!
ID: 71464 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
Profile Tom Donlon
Volunteer moderator
Project administrator
Project developer
Project tester
Project scientist

Send message
Joined: 10 Apr 19
Posts: 408
Credit: 120,203,200
RAC: 0
Message 71465 - Posted: 10 Dec 2021, 23:14:43 UTC

Also, yeah v7.2.10 is old. TLS 1.0 and 1.1 are pretty old too. I'm sure that there is a newer version of the BOINC client than 7.2.10 that you will want to upgrade to, but as long as you are using a more recent version of the client than 7.2.10 then you should be all set when we disable the old TLS versions on our end.
ID: 71465 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
Frodo230

Send message
Joined: 11 Nov 10
Posts: 1
Credit: 2,916,864
RAC: 24
Message 71469 - Posted: 11 Dec 2021, 1:05:09 UTC - in response to Message 71455.  

No version 7.2.10 is advertised at Boinc at all.

only:
Only version 7.14.2
ID: 71469 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
Profile Bill F
Avatar

Send message
Joined: 4 Jul 09
Posts: 92
Credit: 17,289,755
RAC: 3,139
Message 71470 - Posted: 11 Dec 2021, 3:22:41 UTC - in response to Message 71469.  

No version 7.2.10 is advertised at Boinc at all.

only:
Only version 7.14.2



Yes for Windows 32 Bit the current version is 7.14.2 and it was released back in October of 2018. Version 7.2.10 is much older and would not be advertised anymore as it was released in August of 2013.

The intent it to get any "real" old users and systems to update to something newer before they change the system later this month, You are fine.

Bill F
In October of 1969 I took an oath to support and defend the Constitution of the United States against all enemies, foreign and domestic;
There was no expiration date.


ID: 71470 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
Profile mikey
Avatar

Send message
Joined: 8 May 09
Posts: 3339
Credit: 524,010,781
RAC: 1
Message 71471 - Posted: 11 Dec 2021, 8:16:55 UTC - in response to Message 71469.  

No version 7.2.10 is advertised at Boinc at all.

only:
Only version 7.14.2


It's a Linux type numbering system ie 7.14.2 is NEWER than 7.2.2 because 14 is bigger than 2

You can always download the release and some beta version of Boinc here and if you scroll down far enough you will see the 7.2.? versions listed, not that anyone should still be using them of course. https://boinc.berkeley.edu/dl/?C=M;O=D
ID: 71471 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
Profile Bill F
Avatar

Send message
Joined: 4 Jul 09
Posts: 92
Credit: 17,289,755
RAC: 3,139
Message 71478 - Posted: 12 Dec 2021, 2:16:41 UTC
Last modified: 12 Dec 2021, 2:20:03 UTC

Taking a quick count of systems using BOINC versions older than 7.2.10 gives a count of about 79 systems. This is using statistics from the project.

URL source

https://milkyway.cs.rpi.edu/milkyway/host_stats.php?boinc_version=1

Considering that the Server stat's page shows 27,300 systems with recent credit 79 would be a very small number.

Bill F
In October of 1969 I took an oath to support and defend the Constitution of the United States against all enemies, foreign and domestic;
There was no expiration date.


ID: 71478 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
Profile mikey
Avatar

Send message
Joined: 8 May 09
Posts: 3339
Credit: 524,010,781
RAC: 1
Message 71481 - Posted: 12 Dec 2021, 10:29:42 UTC - in response to Message 71478.  

Taking a quick count of systems using BOINC versions older than 7.2.10 gives a count of about 79 systems. This is using statistics from the project.

URL source

https://milkyway.cs.rpi.edu/milkyway/host_stats.php?boinc_version=1

Considering that the Server stat's page shows 27,300 systems with recent credit 79 would be a very small number.

Bill F


I never thought to look that up but that's cool and is a very small number
ID: 71481 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
Luke126

Send message
Joined: 15 Nov 15
Posts: 4
Credit: 583,002
RAC: 0
Message 71513 - Posted: 15 Dec 2021, 13:22:04 UTC - in response to Message 71455.  

Tom,
What is the easiest way to accommodate this change ?
Bob
PS a non programmer
ID: 71513 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
.clair.

Send message
Joined: 3 Mar 13
Posts: 84
Credit: 779,527,712
RAC: 0
Message 71518 - Posted: 15 Dec 2021, 19:53:10 UTC - in response to Message 71513.  

Tom,
What is the easiest way to accommodate this change ?
Bob
PS a non programmer

I had a look at the list of your computers and they are all running versions of BOINC newer then the minimum , So, you don't need to do anything.
ID: 71518 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
Profile Tom Donlon
Volunteer moderator
Project administrator
Project developer
Project tester
Project scientist

Send message
Joined: 10 Apr 19
Posts: 408
Credit: 120,203,200
RAC: 0
Message 71522 - Posted: 15 Dec 2021, 21:31:45 UTC

All you need to do is look at the versions of BOINC that your machines are running. If those versions are 7.2.10 or higher (they almost certainly are), then you don't have to do anything. If those versions are lower, you will have to update BOINC.

(For example, 7.3.16 and 7.10.2 are higher, 7.1.1 would be lower - these may not be real versions, I just chose random numbers)
ID: 71522 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
Profile Tom Donlon
Volunteer moderator
Project administrator
Project developer
Project tester
Project scientist

Send message
Joined: 10 Apr 19
Posts: 408
Credit: 120,203,200
RAC: 0
Message 71536 - Posted: 17 Dec 2021, 16:16:28 UTC

TLS 1.0/1.1 has been disabled. Please let me know if you run into any connection problems.
ID: 71536 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote

Message boards : News : Planned Deprecation of TLS 1.0/1.1

©2024 Astroinformatics Group