
On 19.01.24 09:17, Viktor Dukhovni wrote:
> On Fri, Jan 19, 2024 at 08:19:06AM +0100, Jo Durchholz wrote:
>> On 19.01.24 02:51, Viktor Dukhovni wrote:
>>> I'd very much prefer that support for TLS 1.0/1.1 not be removed. Any chance you could find some way to explicitly keep these protocol versions enabled?
>>
>> Could you switch to unencrypted connections?
>
> In fact, no.

What's holding you back?

>> As far as my current knowledge goes, 1.x TLS isn't significantly safer than unencrypted anyway.
>
> That's far from accurate. TLS 1.0, though dated, is quite adequate for many non-browser applications.

Well... sort-of.

It depends on SHA-1 for initial handshake and peer authentication (both relevant to prevent man-in-the-middle attacks), and the best known algorithms to break it still require ~100 GPU years of compute power.

However, there's that risk that some improved algorithm takes this attack vector from "merely feasible" to "routine". This could happen any day, or may already have happened but is being kept secret.

I don't know if this is a relevant concern for the data you're dealing with. You'll have to think about the consequences if that data is decrypted or manipulated.

BTW validating that a concern does not apply is more work than simply upgrading, in the vast majority of cases.

Regards,
Jo