Re: OpenSSL disables TLS 1.0 and 1.1
On Fri, Aug 11, 2017 at 02:52:56PM +0200, Marco d'Itri wrote:
> On Aug 11, Marco d'Itri <md@Linux.IT> wrote:
>
> > but I see on your link that Android pre-5.x still has a ~25% market
> > share, so unless it will drop a lot in the next year I do not think that
> > we can cut them off from Debian-based web servers.
> OTOH if the PCI council says that TLS < 1.2 has to go by june 2018 then
> this will probably not be such a big deal:
>
> https://www.fastly.com/blog/phase-two-our-tls-10-and-11-deprecation-plan/
>...
Based on the PCI document they are linking to[1], the claim that the
PCI council said that TLS 1.1 also has to go by june 2018 is not true:
The best response is to disable SSL entirely and migrate to a more
modern encryption protocol, which at the time of publication is a
minimum of TLS v1.1, although entities are strongly encouraged to
consider TLS v1.2.
> ciao,
> Marco
cu
Adrian
[1] https://www.pcisecuritystandards.org/documents/Migrating_from_SSL_Early_TLS_Information%20Supplement_v1.pdf
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
Reply to: