|
TLS 1.0/1.1 being phased out by browsers in 2 months. Are you ready?
There's a change coming in January 2020 which could result in problems with HTTPS sites. :warning
https://www.entrustdatacard.com/blog...eprecating-tls Your server needs to support at least TLS 1.2, and preferably also the current 1.3. If not, by early next year, people with modern (and updated) browsers will refuse to load your site. If you have a HTTPS site that's a few years old, you may need to upgrade the software, or modify your config. Wouldn't hurt to give everything a once-over anyway; my server already supported TLS 1.2, but I upgraded Apache so that I could enable TLS 1.3. |
Not this shit again lol. I guess it will be enough to update package openssl ?
|
Quote:
Even though it's experimental the major browsers already support it. I saw 70%+ of IPs switch to 1.3 once I had upgraded. It's important to note that even though modern browsers have moved to TLS 1.2/1.3 by default, there's still some oddball and obsolete browsers which only support 1.0 or 1.1. So unless you're accepting credit card or personal info - the older versions are insecure - it may be worth considering still supporting those. |
Bearing in mind the caveat I mentioned above, this page shows how to move forward and cleanly negotiate only TLS 1.2+
https://tecadmin.net/enable-tls-in-modssl-and-apache/ The important line in httpd.conf is SSLProtocol -all +TLSv1.2 +TLSv1.3 |
| All times are GMT -7. The time now is 01:25 PM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123