[Freeswitch-users] unable to clone master " git clone https://freeswitch.org/stash/scm/fs/freeswitch.git"

Michael Giagnocavo mgg at giagnocavo.net
Sat Oct 3 04:51:28 MSD 2015


Get a better payment processor? Stripe should have you running in no time. Or ask your payment processor for a citation? They are rather confused if they are insisting that anything that says FreeSWITCH must only be available over TLS1.2. Perhaps they are talking about the site as it currently is.

You do accept plaintext CC numbers – that is, your server decrypts them and has them in memory. That forces the entire server, network, etc. into scope. That’s why people split things off. Or even better, use a system like BrainTree or Stripe that does the encryption on the client side (or worst case, does a redirect or something), so that card numbers never hit your server. Then your compliance work is almost nil.

Anyways, simple proof your processor is simply wrong: Everyone else in the universe has websites that work without SSL at all (plain HTTP), yet still manage to have checkout. All of Amazon.com, for instance, is non-SSL, except account management and payment.

Do you have a citation for Chrome dropping support for any website that offers TLS1.1 in addition to 1.2? I can’t see the logic there and it sound interesting.

-Michael

From: freeswitch-users-bounces at lists.freeswitch.org [mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Brian West
Sent: Friday, October 2, 2015 7:27 AM
To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
Subject: Re: [Freeswitch-users] unable to clone master " git clone https://freeswitch.org/stash/scm/fs/freeswitch.git"

Yea and having the payment processor show up at my house to take pictures to make sure we were not selling porn or drugs was also a little extreme, sadly they did say ALL public facing TLS MUST be 1.2,  and chrome is about to drop the hammer too.  We also do not store credit card data anywhere on our network!  Yet they said we MUST!

So we do it or we stop taking payments and just shut it all down, also sub optimal!



/b

On Friday, October 2, 2015, Michael Giagnocavo <mgg at giagnocavo.net<mailto:mgg at giagnocavo.net>> wrote:
The PCI change to require TLS 1.2 doesn’t further increase scope. The first step to dealing with PCI is to segment so as to drastically reduce scope. If the git and FS project infrastructure is in PCI scope, then there’s all sorts of things that’d apply to dealing with that server. Tons of procedures, separation of abilities, etc., that would make managing FS.org extremely difficult.

Did they give you a quote from the relevant PCI section where they insist everything you do in the world has to be TLS 1.2 if some unrelated part of the org takes CC? (And really, why even bother taking PAN; let Stripe or BrainTree encrypt it client-side and deal with that so nearly nothing falls into scope.)

-Michael

From: freeswitch-users-bounces at lists.freeswitch.org<javascript:_e(%7B%7D,'cvml','freeswitch-users-bounces at lists.freeswitch.org');> [mailto:freeswitch-users-bounces at lists.freeswitch.org<javascript:_e(%7B%7D,'cvml','freeswitch-users-bounces at lists.freeswitch.org');>] On Behalf Of Brian West
Sent: Wednesday, September 30, 2015 10:07 PM
To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org<javascript:_e(%7B%7D,'cvml','freeswitch-users at lists.freeswitch.org');>>
Subject: Re: [Freeswitch-users] unable to clone master " git clone https://freeswitch.org/stash/scm/fs/freeswitch.git"

Nope, all public facing systems have to be TLS 1.2, apparently you've never had the barrel of a payment processing company pointed at you. You do what they say or you don't take payments.

On Wednesday, September 30, 2015, Sergey Safarov <s.safarov at gmail.com<javascript:_e(%7B%7D,'cvml','s.safarov at gmail.com');>> wrote:

Or separate merchand engine to subdomain with strong TLS and revert TLS for rest site.

On Thu, Oct 1, 2015, 06:56 Sergey Safarov <s.safarov at gmail.com<mailto:s.safarov at gmail.com>> wrote:

I can recomend prepare special subdomain for git repo, proxy this supdomain to current repo url and enable on this domain typical SSL protocols.

On Wed, Sep 30, 2015, 20:55 Ken Rice <krice at freeswitch.org<mailto:krice at freeswitch.org>> wrote:
GitHub is not compatible with our source tree… and anyone can use ssh still so its not really a problem

From: freeswitch-users-bounces at lists.freeswitch.org<mailto:freeswitch-users-bounces at lists.freeswitch.org> [mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Stanislav Sinyagin
Sent: Wednesday, September 30, 2015 12:43 PM

To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org<mailto:freeswitch-users at lists.freeswitch.org>>
Subject: Re: [Freeswitch-users] unable to clone master " git clone https://freeswitch.org/stash/scm/fs/freeswitch.git"


Maybe an officially supported and fully synchronized clone at github would make sense.
On Sep 30, 2015 6:57 PM, "Mario" <mario_fs at mgtech.com<mailto:mario_fs at mgtech.com>> wrote:
Just to add to this topic…. Today I was going to do one last FreeSwitch build and test on OS X 10.6 and 10.7 to update the wiki before retiring those wiki pages. I could not git clone and I could not even access freeswitch.org<http://freeswitch.org>. After research and seeing this thread I found TLS 1.2 is missing from not only 10.6 and 10.7 but also 10.8. After some research I found there is no way to add TLS 1.2 to 10.8 so I will be retiring that as well. So this makes my wiki updates a little easier!
Mario G


On Sep 29, 2015, at 3:07 AM, Shabbir abbasi <shabbirabbasi92 at gmail.com<mailto:shabbirabbasi92 at gmail.com>> wrote:

i have created my account on  https://freeswitch.org/jira
then i have used that details to login on   https://freeswitch.org/stash/projects/FS/repos/freeswitch/browse
after login goto manage my account setting  and aded ssh keys
https://freeswitch.org/stash/plugins/servlet/ssh/account/keys
after that  in terminal  git clone   ssh://git@freeswitch.org:7999/fs/freeswitch.git<http://git@freeswitch.org:7999/fs/freeswitch.git>  is working for me

On Tue, Sep 29, 2015 at 1:04 PM, Vikas Kumar <Vikas.Kumar1 at timesinternet.in<mailto:Vikas.Kumar1 at timesinternet.in>> wrote:
What were the steps you followed while cloning using ssh.

From: freeswitch-users-bounces at lists.freeswitch.org<mailto:freeswitch-users-bounces at lists.freeswitch.org> [mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Shabbir abbasi
Sent: 28 September 2015 11:29
To: FreeSWITCH Users Help

Subject: Re: [Freeswitch-users] unable to clone master " git clone https://freeswitch.org/stash/scm/fs/freeswitch.git"


got success  via  ssh

On Mon, Sep 28, 2015 at 10:27 AM, Michael Giagnocavo <mgg at giagnocavo.net<mailto:mgg at giagnocavo.net>> wrote:
Or… re-enable TLS1 and 1.1 with downgrade protection and problem solved with no security issues?

From: freeswitch-users-bounces at lists.freeswitch.org<mailto:freeswitch-users-bounces at lists.freeswitch.org> [mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Ken Rice
Sent: Sunday, September 27, 2015 12:37 PM
To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org<mailto:freeswitch-users at lists.freeswitch.org>>
Subject: Re: [Freeswitch-users] unable to clone master " git clone https://freeswitch.org/stash/scm/fs/freeswitch.git"

Upgrate to debian 8 or centos 7, or clone over ssh (you'll need to create an account for the later)

Sent from my iPhone

On Sep 27, 2015, at 1:25 PM, Shabbir abbasi <shabbirabbasi92 at gmail.com<mailto:shabbirabbasi92 at gmail.com>> wrote:
any solution ?

On Sun, Sep 27, 2015 at 11:17 PM, Michael Jerris <mike at jerris.com<mailto:mike at jerris.com>> wrote:
cent 6 might not have TLS 1.2 support.


On Sunday, September 27, 2015, Shabbir abbasi <shabbirabbasi92 at gmail.com<mailto:shabbirabbasi92 at gmail.com>> wrote:
Dear michael,
CentOS release 6.7 (Final)
Linux localhost.localdomain 3.10.40-1.el6.elrepo.i686
after   Yum update
export GIT_CURL_VERBOSE=1
now error is
git  clone    https://freeswitch.org/stash/scm/fs/freeswitch.git
Initialized empty Git repository in /usr/src/freeswitch/.git/
* Couldn't find host freeswitch.org<http://freeswitch.org/> in the .netrc file; using defaults
* About to connect() to freeswitch.org<http://freeswitch.org/> port 443 (#0)
*   Trying 209.105.235.6... * Connected to freeswitch.org<http://freeswitch.org/> (209.105.235.6) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* NSS error -12190
* Expire cleared
* Closing connection #0
* Couldn't find host freeswitch.org<http://freeswitch.org/> in the .netrc file; using defaults
* About to connect() to freeswitch.org<http://freeswitch.org/> port 443 (#0)
*   Trying 209.105.235.6... * Connected to freeswitch.org<http://freeswitch.org/> (209.105.235.6) port 443 (#0)
* NSS error -12190
* Expire cleared
* Closing connection #0
error:  while accessing https://freeswitch.org/stash/scm/fs/freeswitch.git/info/refs

fatal: HTTP request failed


On Sun, Sep 27, 2015 at 10:18 PM, Michael Jerris <mike at jerris.com<mailto:mike at jerris.com>> wrote:
what operating system is this?


On Sunday, September 27, 2015, Shabbir abbasi <shabbirabbasi92 at gmail.com<mailto:shabbirabbasi92 at gmail.com>> wrote:
 git clone https://freeswitch.org/stash/scm/fs/freeswitch.git

Initialized empty Git repository in /usr/src/freeswitch/.git/
error: SSL write: error -5938 while accessing https://freeswitch.org/stash/scm/fs/freeswitch.git/info/refs

fatal: HTTP request failed
any solution  ?

_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org<mailto:consulting at freeswitch.org>
http://www.freeswitchsolutions.com<http://www.freeswitchsolutions.com/>

Official FreeSWITCH Sites
http://www.freeswitch.org<http://www.freeswitch.org/>
http://confluence.freeswitch.org<http://confluence.freeswitch.org/>
http://www.cluecon.com<http://www.cluecon.com/>

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org<http://www.freeswitch.org/>


_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org<mailto:consulting at freeswitch.org>
http://www.freeswitchsolutions.com<http://www.freeswitchsolutions.com/>

Official FreeSWITCH Sites
http://www.freeswitch.org<http://www.freeswitch.org/>
http://confluence.freeswitch.org<http://confluence.freeswitch.org/>
http://www.cluecon.com<http://www.cluecon.com/>

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org<http://www.freeswitch.org/>

_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org<mailto:consulting at freeswitch.org>
http://www.freeswitchsolutions.com<http://www.freeswitchsolutions.com/>

Official FreeSWITCH Sites
http://www.freeswitch.org<http://www.freeswitch.org/>
http://confluence.freeswitch.org<http://confluence.freeswitch.org/>
http://www.cluecon.com<http://www.cluecon.com/>

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users<http://lists.freeswitch.org/mailman/options/freeswitch-users>
http://www.freeswitch.org<http://www.freeswitch.org/>

_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org<mailto:consulting at freeswitch.org>
http://www.freeswitchsolutions.com<http://www.freeswitchsolutions.com/>

Official FreeSWITCH Sites
http://www.freeswitch.org<http://www.freeswitch.org/>
http://confluence.freeswitch.org<http://confluence.freeswitch.org/>
http://www.cluecon.com<http://www.cluecon.com/>

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org<http://www.freeswitch.org/>


Disclaimer :-

The information in this e-mail and any attachments is confidential and may be

legally privileged. It is intended solely for the addressee or addressees. If you are

not an intended recipient, please delete the message and any attachments and

notify the sender of misdelivery. Any use or disclosure of the contents of either is

unauthorised and may be unlawful. All liability for viruses is excluded to the fullest

extent permitted by law. Any views expressed in this message are those of the

individual sender, except where the sender states them, with requisite authority, to

be those of the specific TIMES GROUP company.


_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org<mailto:consulting at freeswitch.org>
http://www.freeswitchsolutions.com<http://www.freeswitchsolutions.com/>

Official FreeSWITCH Sites
http://www.freeswitch.org<http://www.freeswitch.org/>
http://confluence.freeswitch.org<http://confluence.freeswitch.org/>
http://www.cluecon.com<http://www.cluecon.com/>

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org<http://www.freeswitch.org/>

_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org<mailto:consulting at freeswitch.org>
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org


_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org<mailto:consulting at freeswitch.org>
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org<mailto:consulting at freeswitch.org>
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org


--

Brian West
brian at freeswitch.org<javascript:_e(%7B%7D,'cvml','brian at freeswitch.org');>

[http://billing.freeswitch.org/templates/default/img/whmcslogo.png]

Twitter: @FreeSWITCH , @briankwest
http://www.freeswitchbook.com
http://www.freeswitchcookbook.com

Got Bugs? Report them here<https://freeswitch.org/jira>! | Reddit: /r/freeswitch<https://www.reddit.com/r/freeswitch>

T:+19184209001 | F:+19184209002 | M:+1918424WEST (9378)
iNUM:+883 5100 1420 9001 | ISN:410*543 | Skype:briankwest



--

Brian West
brian at freeswitch.org<mailto:brian at freeswitch.org>

[http://billing.freeswitch.org/templates/default/img/whmcslogo.png]

Twitter: @FreeSWITCH , @briankwest
http://www.freeswitchbook.com
http://www.freeswitchcookbook.com

Got Bugs? Report them here<https://freeswitch.org/jira>! | Reddit: /r/freeswitch<https://www.reddit.com/r/freeswitch>

T:+19184209001 | F:+19184209002 | M:+1918424WEST (9378)
iNUM:+883 5100 1420 9001 | ISN:410*543 | Skype:briankwest

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20151003/1d726a1f/attachment-0001.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list