TLS1.1 display to yellow #230
Comments
|
I suggest that the display of TLS1.1 be yellow.
Why?
|
|
I did some research on this, and found that the major browsers announced their intention to deprecate TLSv1.1 back in October 2018 (see blog entries from Google, Microsoft, and Apple). Google Chrome already blocks TLS v1.1 connections as of March 2020, and Microsoft Edge will follow suit in Spring 2021. Here's a quote from Microsoft's blog that explains the rationale:
Here's the IETF draft document that deprecates TLS v1.0 and v1.1: https://tools.ietf.org/html/draft-ietf-tls-oldversions-deprecate-11. @rbsec: Shall we add "display TLSv1.1 in yellow" to the todo list? |
|
@jtesta TLS 1.1 often seems like a pointless protocol to support, because it's very rare to find anything that supports it and doesn't also support 1.2. However, with the lack of any real security vulnerabilities in it, it's a little trickier to justify warning about it. Looking at the status of that IETF document, it looks like it's undergone most of the reviews and is in the "Submitted to IESG for Publication" state. I'm not too familiar with their process - but I imagine that this means it's fairly near to publication. I wonder if it's worth waiting until they actually publish it? On the other hand, with browsers dropping support and the deprecation expected soon, that seems like a reasonable argument to do it now. Although it's probably worth making this kind of change at the same time as the ones discussed in #225, so we're doing it all at the same time. |
|
From NSA : ELIMINATING_OBSOLETE_TLS_UOO197443-20.PDF |
|
Fully deprecated: March 2021 |
I suggest that the display of TLS1.1 be yellow.
The text was updated successfully, but these errors were encountered: