Should TLS 1.0 be acceptable?
I don't claim to be a crypto geek.
Curiously the ISM standards make TLS 1.2 only advisory:
- Control: 1447; Revision: 0; Updated: Apr-15; Applicability: UD, P, C,
S, TS; Compliance: must; Authority: AA
- Agencies *must use TLS*.
-
- Control: 1139; Revision: 3; Updated: Apr-15; Applicability: UD, P,
C, S, TS; Compliance: should; Authority: AA
- Agencies *should use the latest version of TLS*
Kind regards
Paul Wilkins
On 24 July 2018 at 11:10, Scott Howard <sc...@doc.net.au> wrote:
> On Mon, Jul 23, 2018 at 6:00 PM, Noel Butler <noel.but...@ausics.net>
> wrote:
>>
>> You are the one choosing to use cpanel/plesk, lazy webhost solutions that
>> puts all your customers eggs in the one single basket (though I heard plesk
>> may soon be changing that), sorry, but that is not TPG's fault your chosen
>> hosting software lives in the 90s.
>>
>
> Perhaps not, but it IS TPG's fault that their mail server is only
> supporting encryption algorithms that live in the 90's...
>
> Irrespective of the PCI argument or not, TPG supporting TLS 1.0 but not
> higher in 2018 simply shouldn't be seen as acceptable.
>
> Scott
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
_______________________________________________
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog
