[Haskell-cafe] heads-up: tls v2.0.0

Viktor Dukhovni ietf-dane at dukhovni.org
Fri Jan 19 09:32:57 UTC 2024


On Fri, Jan 19, 2024 at 06:21:13PM +0900, Kazu Yamamoto (山本和彦) via Haskell-Cafe wrote:
> Hi Viktor,
> 
> > I'd very much prefer that support for TLS 1.0/1.1 not be removed.  Any
> > chance you could find some way to explicitly keep these protocol
> > versions enabled?
> 
> The answer is no.
> 
> You might want to stick to tls v1.9.x.

That's unfortunate.

> 
> P.S.
> 
> According tests with Qualys SSL Labs, the following browsers
> cannot communicate with tls v2.0.0:
> 
> IE 11 / Win 7
> IE 11 / Win 8.1
> IE 11 / Win Phone 8.1
> IE 11 / Win Phone 8.1 Update
> Safari 6 / iOS 6.0.1
> Safari 7 / iOS 7.1
> Safari 7 / OS X 10.9
> Safari 8 / iOS 8.4
> Safari 8 / OS X 10.10
> 
> They are quite outdated.

TLS is not just for the web.  There are various application ecosystems
that are noticeably less agile than web browsers, and substantially not
at risk from the various browser-related attacks on TLS 1.0.

Note that barring new handshake downgrade attacks, security is improved
by raising the ceiling (making more secure options available and on
by default) than by raising the floor (possibly leading to some
communication using cleartext instead).

The suggestion that I should consider cleartext instead of TLS 1.0 is
a clear case of letting the perfect be the enemy of the good.  In RFC
7435, I made a case for a more practical approach.

-- 
    Viktor.


More information about the Haskell-Cafe mailing list