Author Topic: USA heads-up: NWS sites to enforce TLS1.2+ for access 27-Jul-2020  (Read 415 times)

0 Members and 1 Guest are viewing this topic.

Offline saratogaWX

  • Administrator
  • Forecaster
  • *****
  • Posts: 7918
  • Saratoga, CA, USA Weather - free PHP scripts
    • Saratoga-Weather.org
This came in this morning via https://www.weather.gov/media/notification/SCN20-60_NWS_Website_Enforce_TLS.pdf

Quote
Subject: Enforce TLS 1.2 or Higher on Several NWS Websites
Effective date: July 27, 2020

Effective on or about July 27, 2020, beginning at 1400 Coordinated Universal Time (UTC), the National Centers for Environmental Prediction (NCEP) Central Operations (NCO) will enforce Transport Layer Security (TLS) 1.2 or higher connections to the websites listed below.
The following websites will be affected:
---
weather.gov*
airquality.weather.gov
alerts.weather.gov
api.weather.gov
aviationweather.gov*
digital.weather.gov
forecast.weather.gov
graphical.weather.gov
marine.weather.gov
mobile.weather.gov
preview.weather.gov
preview-api.weather.gov
radar.weather.gov
water.weather.gov
f1.weather.gov
w1.weather.gov
w2.weather.gov
---
www.nws.noaa.gov
nowcoast.noaa.gov
new.nowcoast.noaa.gov
ssd.wrh.noaa.gov
www.wrh.noaa.gov
wwwx.wrh.noaa.gov
---
idpgis.ncep.noaa.gov
---
tsunami.gov*

---
Where “*” also includes “www.”
Any browsers or services that do not support TLS 1.2 or greater and access these sites will need to begin support of TLS 1.2 or greater in order to avoid service interruption.

The Saratoga PHP scripts that use NWS data all use PHP's built-in cURL or stream access to obtain data from NWS sites,
so your website's PHP/cURL version should be up-to-date to have the scripts continue to operate.

To make sure your website is TLS1.2 capable, create a page with
Code: [Select]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>PHP Info</title>
</head>
<body>
<?php phpinfo(); ?>
</body>
</html>
on it, display the page in your browser and look for
Quote
Registered Stream Socket Transports   tcp, udp, unix, udg, ssl, sslv3, tls, tlsv1.0, tlsv1.1, tlsv1.2

If you don't see the tlsv1.2 upgrade your PHP to V7+ or contact your webhoster to have PHP updated.
Ken True/Saratoga, CA, USA main site: saratoga-weather.org
Davis VP1+ FARS, Boltek-PCI/NexStorm, microSferics ToA, Blitzortung RED, GRLevel3, WD, WL, VWS, Cumulus, Meteobridge/hub
Free weather PHP scripts/website templates - update notifications on Twitter saratogaWXPHP

Offline Forever

  • Senior Contributor
  • ****
  • Posts: 152
Re: USA heads-up: NWS sites to enforce TLS1.2+ for access 27-Jul-2020
« Reply #1 on: June 30, 2020, 06:40:45 PM »
I have been lazy and my server is still on 5.6.40.

Time to upgrade. :)

Offline Silversword

  • --Stan Y.
  • Forecaster
  • *****
  • Posts: 466
    • Up Country Maui Weather
Re: USA heads-up: NWS sites to enforce TLS1.2+ for access 27-Jul-2020
« Reply #2 on: June 30, 2020, 09:18:30 PM »
Hi Ken,

Thanks for the heads up and looks like I am good to go with the server I am using.

Thanks for the script to see the if it is on my web site server.

Aloha,

--Stan Y.
   Maui, Hawaii
Stan Y. - KH6HHG - Maui, Hawaii --- Blitzortung ID: 993 --- FlightRadar24 ID: F-PHOG1
Weather Display 10.37s Build 70
WDL 6.05
MS Windows 7 Pro
Dell Optiplex GX280-Intel Pentium 4 CPU 3.00GHz, 4 GB RAM
Davis Vantage Pro 2+ Wireless
1-Wire Lighting
Webcam: Axis 211

Offline the beteljuice

  • the beteljuice
  • Senior Contributor
  • ****
  • Posts: 225
    • test site
Re: USA heads-up: NWS sites to enforce TLS1.2+ for access 27-Jul-2020
« Reply #3 on: June 30, 2020, 09:32:42 PM »
the beteljuice sees clouds on the horizon ...  #-o
Imagine what you will KNOW tomorrow !

Offline rrrick8

  • Senior Contributor
  • ****
  • Posts: 172
    • Vermilion weather
Re: USA heads-up: NWS sites to enforce TLS1.2+ for access 27-Jul-2020
« Reply #4 on: July 01, 2020, 06:27:19 AM »
I have been lazy and my server is still on 5.6.40.

Time to upgrade. :)

I'm using 5.6.40 and mine shows
Registered Stream Socket Transports   tcp, udp, unix, udg, ssl, sslv3, tls, tlsv1.0, tlsv1.1, tlsv1.2
Severe Weather Manager-Vermilion County EMA
CWOP-CW9931 KILDANVI5

Offline saratogaWX

  • Administrator
  • Forecaster
  • *****
  • Posts: 7918
  • Saratoga, CA, USA Weather - free PHP scripts
    • Saratoga-Weather.org
Re: USA heads-up: NWS sites to enforce TLS1.2+ for access 27-Jul-2020
« Reply #5 on: July 01, 2020, 12:20:17 PM »
Since PHP 5.6 stopped getting active support Jan 1, 2019, it's still a good idea to move to PHP 7.4 (current release)

https://www.php.net/supported-versions.php
Ken True/Saratoga, CA, USA main site: saratoga-weather.org
Davis VP1+ FARS, Boltek-PCI/NexStorm, microSferics ToA, Blitzortung RED, GRLevel3, WD, WL, VWS, Cumulus, Meteobridge/hub
Free weather PHP scripts/website templates - update notifications on Twitter saratogaWXPHP

Offline 92merc

  • BismarckWeather.net
  • Forecaster
  • *****
  • Posts: 917
  • BismarckWeather.net
    • BismarckWeather.net
Re: USA heads-up: NWS sites to enforce TLS1.2+ for access 27-Jul-2020
« Reply #6 on: July 01, 2020, 02:53:23 PM »
I see GoDaddy finally put 7.4 up.  I tested both 7.3 and 7.4 with the test script.  Both stop at TLS 1.2.  No 1.3 like my NGINX server.
https://www.BismarckWeather.net
Davis VP2, Cumulus, WeatherDisplay, Blitzortung, Bloomsky, Saratoga Scripts, NOAA Stream via PI

Offline tmabell

  • Forecaster
  • *****
  • Posts: 302
Re: USA heads-up: NWS sites to enforce TLS1.2+ for access 27-Jul-2020
« Reply #7 on: July 01, 2020, 08:28:12 PM »
I'm running PHP 7.4.5 and I see this:    tcp, udp, ssl, tls, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3

Offline miraculon

  • Sunrise Side Weather
  • Forecaster
  • *****
  • Posts: 3629
  • KE8DAF
    • Sunrise Side Weather in Rogers City MI USA
Re: USA heads-up: NWS sites to enforce TLS1.2+ for access 27-Jul-2020
« Reply #8 on: July 02, 2020, 08:37:04 AM »
Thanks for the heads-up, Ken.

I have PHP Version 7.2.29 and it shows the tlsv1.2 OK. I use hosting24.

Thanks for the tool to check the TLS.

Greg H.


Blitzortung Stations #706 and #1682
CoCoRaHS: MI-PI-1
CWOP: CW4114 and KE8DAF-13
WU: KMIROGER7
Amateur Radio Callsign: KE8DAF