by Panino
3187 days ago
> Also at current rate it sounds like it’s going to take years to phase out TLS 1.1.

It's already more or less phased out. On my webservers, TLS 1.1 accounts for 0.1% of traffic, and about half of that is junk requests like exploit attempts. Check out SSL Pulse, specifically the Protocol Support graph: https://www.ssllabs.com/ssl-pulse/

This used to show 100% support for TLS 1.0, which is now at 92.6% as some sites are now going 1.2-only. That's just webserver support, not usage. Huge real-world difference. Like my car supports not wearing a seat belt but I always use it. The vast majority of usage is 1.2, and a large percentage of 1.0/1.1 traffic is unwanted garbage traffic. Hence why some people are disabling 1.0/1.1 in their webservers. It also exposes more code for questionable benefit.

BTW I'd love to know what sites support TLS 1.0 but not 1.2. What's the breakdown of the Alexa Top 1000 or so? I suspect it's mostly banks and unknown sites.

Was TLS 1.1 ever "phased in"? It was the "most recent" TLS version for only a couple of years, so the early adopters went quickly to TLS 1.2, while the late adopters stayed at TLS 1.0 (or even "TLS 1.0 but disabled by default, therefore actually SSL 3.0"). Once the later adopters catch up, there's no reason for them to not jump directly to TLS 1.2.