Re: OpenSSL disables TLS 1.0 and 1.1
Marco d'Itri <md@Linux.IT> writes:
> But as it has been noted there is more than HTTP, so totally removing
> support for 1.0/1.1 may still not be appropriate.
Adding a data point here, my employer (Dropbox) is reasonably aggressive
about SSL configuration, but based on the usage we see, we've not yet been
comfortable with dropping TLS 1.0 and 1.1. Maybe we will be by the end of
the buster release cycle, but that isn't entirely clear to me. Google,
Amazon, Microsoft, and the EFF all also still support TLS 1.0/1.1 on their
primary web sites, for whatever that's worth.
A good external validation for when industry best practice is willing to
drop TLS 1.0/1.1 support is when Qualys SSL Labs
(https://www.ssllabs.com/ssltest/) starts lowering the grade below A+ for
sites that have TLS 1.0/1.1 enabled. They still haven't been willing to
take that step, and I think they're a reasonable lagging indicator for
current accepted best SSL practice.
That doesn't mean we can't make it very easy to disable TLS 1.0/1.1 or
encourage people to do that when possible, of course. It would be great
for us to try to lead the way and push things forward a bit. But I think
we're still going to have to make it very easy to enable TLS 1.0/1.1 for a
lot of people and applications for a bit longer.
Russ Allbery (firstname.lastname@example.org) <http://www.eyrie.org/~eagle/>