Re: OpenSSL disables TLS 1.0 and 1.1
On Fri, Aug 11, 2017 at 02:52:56PM +0200, Marco d'Itri wrote:
> On Aug 11, Marco d'Itri <md@Linux.IT> wrote:
> > but I see on your link that Android pre-5.x still has a ~25% market
> > share, so unless it will drop a lot in the next year I do not think that
> > we can cut them off from Debian-based web servers.
> OTOH if the PCI council says that TLS < 1.2 has to go by june 2018 then
> this will probably not be such a big deal:
Based on the PCI document they are linking to, the claim that the
PCI council said that TLS 1.1 also has to go by june 2018 is not true:
The best response is to disable SSL entirely and migrate to a more
modern encryption protocol, which at the time of publication is a
minimum of TLS v1.1, although entities are strongly encouraged to
consider TLS v1.2.
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed