by furbyhater 2182 days ago
"We've disabled old TLS connections and insecure cipher-schemes, so websites which used to work will now display an error" doesn't really sound like an improvement for the user. I'd rather see a warning detailing the situation and asking me if I want to proceed (maybe I don't care about encryption when visiting the particular site).
4 comments

You're actually asking for a thing that has already been available for quite a while until now (click through errors). So if you're just now thinking "maybe they should do that", they already have, and it's a strong indication that you never ran into any sites still using TLS 1.1 or 1.0 — and that removing them is just fine.

> I'd rather see

TLS 1.0 and 1.1 have unfixable security issues and TLS 1.2 was ratified as an internet standard 12 years ago. Mozilla reported over 1.5 years ago that the total number of TLS 1.1 and 1.0 connections seen from users was less than 1.5% of total TLS connections. There have been years of notice leading up to this. What internet forums filled with nerds would "rather see" isn't really relevant. I'm sure there were plenty of people worried about SSL 3.0, too, and the world didn't come to an end.

There has been a bypassable error for TLS 1.0 and 1.1 for several months. There have been error messages in devtools. In October of 2018 the browser vendors jointly announced that this change was coming. [1][2] This is happening in coordination with Chrome. The sites that are affected by this have had nearly 2 years to sort out their upgrade to TLS 1.2 or 1.3.

[1] https://blog.mozilla.org/security/2018/10/15/removing-old-ve... [2] https://blog.chromium.org/2019/10/chrome-ui-for-deprecating-...

> The sites that are affected by this have had nearly 2 years to sort out their upgrade to TLS 1.2 or 1.3.

... or are hardware appliances with a management interface, segregated on an internal VLAN, that will never be updated, but which were helpfully "forward thinking" enough to force HTTPS.

Unfortunately most users don't have enough knowledge to make an informed decision like that. It's better to keep users secure by disabling insecure ciphers.
It's for your own good, comrade!
Yeah... which means now I need to figure out how to connect to that old cable modem+router to change settings. It was born before TLS 1.3, and still works perfectly. Same for some other older networked devices that cannot be upgraded.