[Jenkins-infra] Certificates renewal & expiration

Daniel Beck ml at beckweb.net
Sat Jan 11 00:07:23 UTC 2020



> On 3. Jan 2020, at 12:12, Olblak <me at olblak.com> wrote:
> 
> Regarding repo.jenkins-ci.org, the main reasons why we didn't switch it to Letsencrypt was because of some older java versions not supported by Letsencrypt cfr (Java 8 < 8u101 and Java 7 < 7u111)
> While I don't have access to the number of those older java versions used, I doubt it's really high in our case

Out of the box, Java 7 doesn't even support the required TLS version (1.2) anymore without some system property hackery. I learned this when I filed the HTTPS URL PRs a while back, and some PR builds failed with 'fatal error: protocol_version' because they still built with Java 7.

8u101 for Lets Encrypt cert support on updates.jenkins.io has been required by Jenkins itself for more than 2 years, since 2.77.

I don't really see a reason to continue to support these ancient releases.



More information about the Jenkins-infra mailing list