by Bhilai 3184 days ago
I understand that TLS 1.3 is in draft stage currently. Is there an expected date of when TLS 1.3 is supposed to be available in common libs and browsers?

Also, at the current rate it sounds like it's going to take years to phase out TLS 1.1. Would modern browsers take a stand and refuse to initiate connections for older versions of TLS? And it's not just browsers, right? There are other oddball clients and enterprises using IE7 or something super old. I liked the way Apple had taken a stand with App Transport Security initially, but even they backed down and pushed the deadline indefinitely.

2 comments

> Also at current rate it sounds like it’s going to take years to phase out TLS 1.1.

It's already more or less phased out. On my webservers, TLS 1.1 accounts for 0.1% of traffic, and about half of that is junk requests like exploit attempts.

Check out SSL Pulse, specifically the Protocol Support graph:

https://www.ssllabs.com/ssl-pulse/

This used to show 100% support for TLS 1.0, which is now at 92.6% as some sites are now going 1.2-only. That's just webserver support, not usage. Huge real-world difference. Like my car supports not wearing a seat belt, but I always use it. The vast majority of usage is 1.2, and a large percentage of 1.0/1.1 traffic is unwanted garbage traffic. Hence why some people are disabling 1.0/1.1 in their webservers. It also exposes more code for questionable benefit.

BTW I'd love to know what sites support TLS 1.0 but not 1.2. What's the breakdown of the Alexa Top 1000 or so? I suspect it's mostly banks and unknown sites.
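The comment above separates what a webserver supports from what clients actually negotiate. As an added example (not from this thread or any poster), the script below measures negotiated TLS versions from access logs so the "0.1% legacy" kind of figure can be checked before disabling 1.0/1.1. It assumes a hypothetical nginx log_format whose lines end in `"$http_user_agent" "$ssl_protocol" "$ssl_cipher"`; the log lines are constructed.

```python
import re
from collections import Counter

# Constructed sample lines, not real traffic. Hypothetical nginx log_format:
# '$remote_addr - - [$time_local] "$request" $status $body_bytes_sent '
# '"$http_referer" "$http_user_agent" "$ssl_protocol" "$ssl_cipher"'
# nginx sets $ssl_protocol to "-" for plaintext HTTP requests.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2017:13:55:36 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 10.0) Firefox/56.0" "TLSv1.2" "ECDHE-RSA-AES128-GCM-SHA256"
203.0.113.6 - - [10/Oct/2017:13:55:37 +0000] "GET /a HTTP/1.1" 200 100 "-" "Mozilla/5.0 (X11; Linux) Chrome/61.0" "TLSv1.2" "ECDHE-RSA-AES128-GCM-SHA256"
203.0.113.7 - - [10/Oct/2017:13:55:38 +0000] "GET /b HTTP/1.1" 200 100 "-" "Mozilla/5.0 (Macintosh) Safari/604.1" "TLSv1.2" "ECDHE-RSA-AES128-GCM-SHA256"
203.0.113.8 - - [10/Oct/2017:13:55:39 +0000] "GET /c HTTP/1.1" 200 100 "-" "Mozilla/5.0 (Android 8.0) Chrome/61.0" "TLSv1.2" "ECDHE-RSA-AES128-GCM-SHA256"
203.0.113.9 - - [10/Oct/2017:13:55:40 +0000] "GET /d HTTP/1.1" 200 100 "-" "Mozilla/5.0 (iPhone) Safari/604.1" "TLSv1.2" "ECDHE-RSA-AES128-GCM-SHA256"
198.51.100.2 - - [10/Oct/2017:13:55:43 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" "TLSv1" "AES128-SHA"
198.51.100.3 - - [10/Oct/2017:13:55:44 +0000] "GET /old-login HTTP/1.1" 404 162 "-" "python-requests/2.9.1" "TLSv1.1" "AES256-SHA"
198.51.100.4 - - [10/Oct/2017:13:55:45 +0000] "GET / HTTP/1.1" 301 178 "-" "curl/7.55.1" "-" "-"
"""

# Match the last three quoted fields: user agent, ssl_protocol, ssl_cipher.
LINE_RE = re.compile(r'"(?P<ua>[^"]*)" "(?P<proto>[^"]*)" "(?P<cipher>[^"]*)"$')
LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}


def parse_tls_requests(log_text):
    """Yield (protocol, user_agent) per HTTPS request; skip plaintext and unparseable lines."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and m.group("proto") != "-":
            yield m.group("proto"), m.group("ua")


def protocol_breakdown(log_text):
    """Count HTTPS requests per negotiated version: usage, not server support."""
    return Counter(proto for proto, _ in parse_tls_requests(log_text))


def legacy_share(counts):
    """Fraction of HTTPS requests that negotiated SSLv3, TLS 1.0 or TLS 1.1."""
    total = sum(counts.values())
    return sum(counts[p] for p in LEGACY) / total if total else 0.0


def legacy_clients(log_text):
    """User agents still on legacy versions, to judge real users versus junk traffic."""
    return Counter(ua for proto, ua in parse_tls_requests(log_text) if proto in LEGACY)


def safe_to_disable_legacy(counts, max_share=0.001):
    """Policy gate: legacy usage at or below the threshold (default 0.1%, the figure quoted above)."""
    return legacy_share(counts) <= max_share
```

Run it against a real log by replacing `SAMPLE_LOG` with the file contents; `legacy_clients` is what tells you whether the remaining 1.0/1.1 traffic is paying customers on old clients or scanners.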

> It's already more or less phased out.

Was TLS 1.1 ever "phased in"? It was the "most recent" TLS version for only a couple of years, so the early adopters went quickly to TLS 1.2, while the late adopters stayed at TLS 1.0 (or even "TLS 1.0 but disabled by default, therefore actually SSL 3.0"). Once the later adopters catch up, there's no reason for them to not jump directly to TLS 1.2.

We are still working around bugs in network middleware. I hope that it will be available in Chrome and on Google's servers in Q1, 2018.

Is that a euphemism for "waiting for BlueCoat shitboxes to die and get replaced"?