
On Fri, Jan 19, 2024 at 06:21:13PM +0900, Kazu Yamamoto (山本和彦) via Haskell-Cafe wrote:
Hi Viktor,
I'd very much prefer that support for TLS 1.0/1.1 not be removed. Any chance you could find some way to explicitly keep these protocol versions enabled?
The answer is no.
You might want to stick to tls v1.9.x.
That's unfortunate.
P.S.
According to tests with Qualys SSL Labs, the following browsers cannot communicate with tls v2.0.0:

    IE 11 / Win 7
    IE 11 / Win 8.1
    IE 11 / Win Phone 8.1
    IE 11 / Win Phone 8.1 Update
    Safari 6 / iOS 6.0.1
    Safari 7 / iOS 7.1
    Safari 7 / OS X 10.9
    Safari 8 / iOS 8.4
    Safari 8 / OS X 10.10

They are quite outdated.
TLS is not just for the web. There are various application ecosystems that are noticeably less agile than web browsers, and substantially not at risk from the various browser-related attacks on TLS 1.0.

Note that barring new handshake downgrade attacks, security is improved by raising the ceiling (making more secure options available and on by default) than by raising the floor (possibly leading to some communication using cleartext instead).

The suggestion that I should consider cleartext instead of TLS 1.0 is a clear case of letting the perfect be the enemy of the good. In RFC 7435, I made a case for a more practical approach.

--
    Viktor.