Not just web sites. Changes in Firefox and Chrome have already made working with embedded devices such as DRAC and storage servers nearly impossible. IMO there needs to be a fallback option to still allow access to "insecure" sites that still use TLS 1.0 or older certificates that still use SHA-1.
On 06/02/2018 05:57 AM, Christian Stadelmann wrote: >> On Fri, Jun 01, 2018 at 01:40:58PM +0200, Jan Kurik wrote: >> What is the availibility of TLS 1.2 vs 1.1/1.0 on the internet ? >> ie how likely is this to break the ability of users to access websites >> they care about ? > There is quite a lot, sadly. I'd say about 0.1…1% of all internet sites of my > personal browsing behavior. Fedora's infrastructure works fine with TLS 1.0 > and 1.1 disabled. Essential parts of the eclipse.org infrastructure is still > on historic crypto levels, including its wiki, git server and marketplace. > This DEFAULT policy probably will break the eclipse marketplace client in > Fedora. > > I haven't found perfect data but SSLLabs' "SSL Pulse" [1] gives some hints. > Applying their current metric, any server without TLS 1.2 support will be > rewarded with grade C or worse. See [2] for an example. Assuming that > grade-F-sites are broken beyond any repair, there's still 7.7% grade C and a > few grade D pages resulting in up to 7.8% of all websites still using TLS < > 1.2. Without good data on this I highly recommend not disabling TLS <1.2 by > default on F29. > > [1] https://www.ssllabs.com/ssl-pulse/ > [2] https://www.ssllabs.com/ssltest/analyze.html?d=marketplace.eclipse.org > _______________________________________________ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/Z6RXR5W6KH4NODRINVJFEBIBQRX4I6HP/ _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/BPNMA54WJ5B7QMBTEMPDVDGOHCIHQDHN/
