On Thu, May 14, 2015, at 05:19, Adam Major wrote:> Hello > > I checked now by sslLabs.com: > https://www.ssllabs.com/ssltest/analyze.html?d=forums.freebsd.org > > and score is A+ > > But I don't think disable TLS 1.0 is ok. >TLS 1.0 is dead and is even now banned in new installations according to the PCI DSS 3.1 standards. Nobody should expect TLS 1.0 to be supported by *any* HTTPS site now.
On 14 May 2015 at 06:08, Mark Felder <feld at freebsd.org> wrote:> > > On Thu, May 14, 2015, at 05:19, Adam Major wrote: >> Hello >> >> I checked now by sslLabs.com: >> https://www.ssllabs.com/ssltest/analyze.html?d=forums.freebsd.org >> >> and score is A+ >> >> But I don't think disable TLS 1.0 is ok. >> > > TLS 1.0 is dead and is even now banned in new installations according to > the PCI DSS 3.1 standards. Nobody should expect TLS 1.0 to be supported > by *any* HTTPS site now.Here, here! We ONLY have 1.0 enabled until the hardware vendor can upgrade their software. I'm looking to celebrate the day when we have 1.1 and 1.2 enabled. -- ------- inum: 883510009027723 sip: jungleboogie at sip2sip.info xmpp: jungle-boogie at jit.si
Hello>> But I don't think disable TLS 1.0 is ok. >> > > TLS 1.0 is dead and is even now banned in new installations according to > the PCI DSS 3.1 standards. Nobody should expect TLS 1.0 to be supported > by *any* HTTPS site now.Maybe is dead but is used in many old browser / software still used. In PCI DSS 3.1 merchants must remove SSL and TLS 1.0 to 30 June 2016. (new installations "in theory" should not be built on TLS 1.0). So we have 1 year and FreeBSD forum is not e-commerce site ;) Best Regards.