[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OpenSSL disables TLS 1.0 and 1.1

On Fri, Aug 11, 2017 at 02:52:56PM +0200, Marco d'Itri wrote:
> On Aug 11, Marco d'Itri <md@Linux.IT> wrote:
> > but I see on your link that Android pre-5.x still has a ~25% market 
> > share, so unless it will drop a lot in the next year I do not think that 
> > we can cut them off from Debian-based web servers.
> OTOH if the PCI council says that TLS < 1.2 has to go by june 2018 then 
> this will probably not be such a big deal:
> https://www.fastly.com/blog/phase-two-our-tls-10-and-11-deprecation-plan/

Based on the PCI document they are linking to[1], the claim that the
PCI council said that TLS 1.1 also has to go by june 2018 is not true:

  The best response is to disable SSL entirely and migrate to a more 
  modern encryption protocol, which at the time of publication is a
  minimum of TLS v1.1, although entities are strongly encouraged to 
  consider TLS v1.2.

> ciao,
> Marco


[1] https://www.pcisecuritystandards.org/documents/Migrating_from_SSL_Early_TLS_Information%20Supplement_v1.pdf


       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

Reply to: