[Jenkins-infra] Certificates renewal & expiration
Daniel Beck
ml at beckweb.net
Sat Jan 11 00:07:23 UTC 2020
> On 3. Jan 2020, at 12:12, Olblak <me at olblak.com> wrote:
>
> Regarding repo.jenkins-ci.org, the main reasons why we didn't switch it to Letsencrypt was because of some older java versions not supported by Letsencrypt cfr (Java 8 < 8u101 and Java 7 < 7u111)
> While I don't have access to the number of those older java versions used, I doubt it's really high in our case
Out of the box, Java 7 doesn't even support the required TLS version (1.2) anymore without some system property hackery. I learned this when I filed the HTTPS URL PRs a while back, and some PR builds failed with 'fatal error: protocol_version' because they still built with Java 7.
8u101 for Lets Encrypt cert support on updates.jenkins.io has been required by Jenkins itself for more than 2 years, since 2.77.
I don't really see a reason to continue to support these ancient releases.
More information about the Jenkins-infra
mailing list