Upcoming SSL/TLS security updates / old BOINC client support

tl;dr:

• Minimum BOINC version as of Nov. 27th 2019: 7.4.36
• Minimum BOINC version as of May  25th 2020: 7.10
• Minimum BOINC version as of July    8th 2020: 7.2.4 (if using OpenSSL >= 1.0.1) or 7.4.36

Hi everyone,

in our continuing effort to protect your data and our infrastructure we plan to remove support for the outdated TLS 1.0 and 1.1 protocols and also use a revised list of supported encryption cipher suites. What does that mean?

Whenever your web browser or BOINC client software connects to our servers an encrypted connection is being negotiated. We are configuring our servers such that the latest security best practices are in place. This can cause problems if you are using outdated, and thus insecure, web browsers or BOINC clients. Such outdated software won't be able to connect to our servers anymore but it's in your own best interest to update those anyway - now's probably a good opportunity to do so. Those who regularly update their software shouldn't run into any problems.

The minimum known supported version of BOINC will be 7.4.36 (using OpenSSL >= 1.0.1). If you want to test things you may do so right now, over at our test project albertathome.org. Please report back (here) any SSL/TLS-related connection issue you come across.

If all goes according to plan we intend to go live with the new settings on November 27th.

Looking ahead: by the end of May 2020 the old SSL/TLS certificate authority we still support for old clients (< 7.10) will expire and there's nothing we can do about that. At that time we won't be able to support those old clients anymore. Please make sure you update your BOINC client in time.
 

UPDATE below!
New UPDATE below!

Cheers, Oliver