[asterisk-dev] ./configure --with-pjproject-bundled: GitHub changed/s to TLS 1.2-only!

[Matt Fredrickson]

On Sun, Jun 3, 2018 at 9:15 AM, Alexander Traud
<pabstraud at compuserve.com> wrote:
> Currently, Asterisk downloads the tarball of the PJProject not from the original source at Teluu but GitHub. GitHub forces the user to use HTTPs instead of HTTP. This is already an issue as described in ASTERISK-27665 because many tools authenticate the given certificate. Since February, GitHub even requires TLS v1.2: <https://githubengineering.com/crypto-removal-notice/>.
>
> By blind chance, the server used in third-party/pjproject/Makefile.rules was not affected by this change in February. Anyway, that could change any day without a word of caution. Still, that server forces HTTPs, too.
>
> Isn't it possible to move that tarball to a Digium server? This would avoid the TLS v1.2-only issue and solve ASTERISK-27665 the cleanest way.

Good question!  Is there any way to tell how many current-ish
linux/*nix distributions lack TLS 1.2 support and would be impacted by
github's change?  If it's a large enough number, I think there'd be
some interest in looking further at the problem.


-- 
Matthew Fredrickson
Digium, Inc. | Engineering Manager
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA