>>> I don't think TLS 1.3 will see a wide deployment immediately. Sure, >>> the >>> famous top websites and top browsers will, but enterprises will not. >>> And >>> especially those with any kind of loggin/auditing requirements cannot >>> even allow TLS 1.3 with ephemeral DH on their network. >>> >>> I would personally first try and disable TLS 1.0 in f29 and see how >>> much >>> problems that generates. Then in f30 or f31 disable TLS 1.1. >> >> >> Except from the internet website statistics the TLS-1.1 only or as >> maximum TLS version is not deployed. The sites are either TLS-1.0 max >> version or they support also TLS-1.2. So this will not make almost any >> difference and the impact on compatibility will be practically the same >> as disabling even TLS-1.1. > > > Today a document was submitted to the TLS WG to phase out TLS 1.0 and 1.1: > > https://tools.ietf.org/html/draft-moriarty-tls-oldversions-diediedie-00 > > I guess it all depends on the lifetime of old cheap android devices :P
There's also requirements by PCI (Payment Card Industry, not the interconnect tech) for sites doing financial transactions to be HTTP/1.1 and TLS 1.2 by June 30 too so no doubt that'll spur some sites forward too https://www.theregister.co.uk/2018/06/20/paypal_security_upgrade/ _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/BUCE6MPMCDQ6XBZX7UDWPV24X3PGL7YB/
