https://arstechnica.com/gadgets/2018/10 ... d-tls-1-0/
I can understand deprecating TLS 1.0, and in fact disable it in my own browser much of the time. But is there specific problem(s) with TLS 1.1 that result in it being deprecated as well?
TLS 1.0 and 1.1 are slated for the chopping block
TLS 1.0 and 1.1 are slated for the chopping block
*Always* check the changelogs BEFORE updating that important software!
-
Re: TLS 1.0 and 1.1 are slated for the chopping block
I don't recall what the reason was for 1.1.
Perhaps poodle or something like that?
Anyhow, you should be using 1.3 .
(SeaMonkey 2.49 does not support the latest draft [or final]. SeaMonkey 2.53 should support the latest draft [if not the final].)
Can tls 1.3 be enabled in Fx 52.9 ESR?
Perhaps poodle or something like that?
Anyhow, you should be using 1.3 .
(SeaMonkey 2.49 does not support the latest draft [or final]. SeaMonkey 2.53 should support the latest draft [if not the final].)
Can tls 1.3 be enabled in Fx 52.9 ESR?
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 SeaMonkey/2.49.5
- GµårÐïåñ
- Lieutenant Colonel
- Posts: 3365
- Joined: Fri Mar 20, 2009 5:19 am
- Location: PST - USA
- Contact:
Re: TLS 1.0 and 1.1 are slated for the chopping block
About time, they have coddled everyone long enough. 1.1 as vulnerable and 1.2 is the lowest secure at the moment, so might as well pull the bandaid.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; rv:62.0) Gecko/20100101 Firefox/66.0
Re: TLS 1.0 and 1.1 are slated for the chopping block
I have no idea the status of TLS 1.3 support in Waterfox. It's at least not enabled by default.therube wrote:Anyhow, you should be using 1.3 .
(FWIW Waterfox about:support says it uses NSS version 3.32.1)
EDIT It seems not supported yet. Setting security.tls.version.max to 4 and trying to connect to https://tls13.crypto.mozilla.org/ doesn't work. And TLS 1.3 final support isn't implemented in NSS until version 3.39 - https://developer.mozilla.org/docs/Mozi ... n_NSS_3.39
What vulnerabilities specifically?GµårÐïåñ wrote: 1.1 as vulnerable
*Always* check the changelogs BEFORE updating that important software!
-
- GµårÐïåñ
- Lieutenant Colonel
- Posts: 3365
- Joined: Fri Mar 20, 2009 5:19 am
- Location: PST - USA
- Contact:
Re: TLS 1.0 and 1.1 are slated for the chopping block
It is in draft and while much better, has a lot of implementation to get out of the way first, 1.2 is the best and most secure hover point for now.barbaz wrote:I have no idea the status of TLS 1.3 support in Waterfox. It's at least not enabled by default.therube wrote:Anyhow, you should be using 1.3 .
More like rotted foundation, even though the structure is still standing. There is no "real" security issue in TLS 1.1 that TLS 1.2 fixes. However, there are changes and improvements, which can be argued to qualify as "fixing". Mainly: The PRF in TLS 1.1 is based on a combination of MD5 and SHA-1. Both MD5 and SHA-1 are, as cryptographic hash functions, broken. However, the way in which they are broken does not break the PRF of TLS 1.1. There is no known weakness in the PRF of TLS 1.1 (nor, for that matter, in the PRF of SSL 3.0 and TLS 1.0). Nevertheless, MD5 and SHA-1 are "bad press". TLS 1.2 replaces both with SHA-256 (well, actually it could be any other hash function, but in practice it is SHA-256).What vulnerabilities specifically?
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; rv:62.0) Gecko/20100101 Firefox/66.0
Re: TLS 1.0 and 1.1 are slated for the chopping block
Thanks GµårÐïåñ
*Always* check the changelogs BEFORE updating that important software!
-
Re: TLS 1.0 and 1.1 are slated for the chopping block
For Waterfox, from https://www.ssllabs.com/ssltest/viewMyClient.html
Not good if it allows 1.0. Just set security.tls to from 1 to 3 (security.tls.version.min;3)
Not good if it allows 1.0. Just set security.tls to from 1 to 3 (security.tls.version.min;3)
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:56.0; Waterfox) Gecko/20100101 Firefox/56.2.5
-
- Posts: 11
- Joined: Sun Jan 27, 2019 5:39 pm
Re: TLS 1.0 and 1.1 are slated for the chopping block
Mozilla/5.0 (X11; FreeBSD amd64; rv:65.0) Gecko/20100101 Firefox/65.0 Waterfox/56.2.7