On Fri, 25 Mar 2016 16:50, Eero Volotinen wrote:
>
> Stop paranoia? Tlsv1.0 is not recommended when storing credit card data.
>
> Eero
> Hi List,
>
> Does anyone know why the above URL is still using TLS V1.0?
>
> I can't connect to it unless I enable TLS V1.0 which I was under the
> impression that it should not be used
> anymore.
>
> Thanks for any enlightenment.
>
> Steve

@Eero: IMHO you are missing some points here. There are more and more
browsers that are unable to use SSL{2,3} as well as TLS1.0, not just
disabled via config, but this decision was made at compile time.
Newer Android and Apple-iOS devices for example.

And the point is not that the site supports TLS1.0, but that it does
not support TLS1.1 and/or TLS 1.2, and as such is inaccessible
to devices that ask for TLS1.1 as minimum for HTTPS.

But that is for the admins/webmasters of the servers to resolve.

 - Yamaban

> @Eero: IMHO you are missing some points here. There are more and more
> browsers that are unable to use SSL{2,3} as well as TLS1.0, not just
> disabled via config, but this decision was made at compile time.
> Newer Android and Apple-iOS devices for example.
>
>

This is not true. It works fine with latest Android and iOS. I just tested it.

> And the point is not that the site supports TLS1.0, but that it does
> not support TLS1.1 and/or TLS 1.2, and as such is inaccessible
> to devices that ask for TLS1.1 as minimum for HTTPS.
>
> But that is for the admins/webmasters of the servers to resolve.

Many sites are still using CentOS 5 and clones and cannot support TLS 1.2 and TLS 1.1 without upgrade.

--
Eero

On 25.03.2016 17:29, Eero Volotinen wrote:
>> @Eero: IMHO you are missing some points here. There are more and more
>> browsers that are unable to use SSL{2,3} as well as TLS1.0, not just
>> disabled via config, but this decision was made at compile time.
>> Newer Android and Apple-iOS devices for example.
>>
>>
> This is not true. It works fine with latest Android and iOS. I just tested
> it.

The latest version of Android is Marshmallow and currently is only installed on 2.3% of the devices out there:
http://developer.android.com/about/dashboards/index.html

You cannot just support the latest version of a client if your site is accessed by regular users out there.

>
>> And the point is not that the site supports TLS1.0, but that it does
>> not support TLS1.1 and/or TLS 1.2, and as such is inaccessible
>> to devices that ask for TLS1.1 as minimum for HTTPS.
>>
>> But that is for the admins/webmasters of the servers to resolve.
>
>
> Many sites are still using CentOS 5 and clones and cannot support TLS 1.2
> and TLS 1.1 without upgrade.

Then they might be forced to upgrade to a newer CentOS version. If you only run your personal blog then you can of course do whatever you want but if you run a commercial site then the OS you can run depends on what the clients support and not the other way around.

Regards,
Dennis