On Fri, May 29, 2020 at 11:35:42AM +0200, William Dauchy wrote: > On Wed, May 27, 2020 at 12:42 PM William Lallemand > <wlallem...@haproxy.com> wrote: > > So in my opinion we should do the same, and set the minimum version to > > TLSv12 by default on bind lines. It's still configurable with > > min-ssl-ver if you want the support for prior TLS versions. > > Does anybody have any objections? > > Even though I'm late in the reply, I think it is a good decision. > Modern browsers are going to disable it at some point; on our side we > disabled tls1.0. and 1.1 completely last year. The traffic coming from > browsers with this version was very low (around 1% IIRC, no more than > 2%), and we also realised a big part of it was in fact fraudulent > traffic coming from bots, so the final decision was not hard. >
Thanks William, these are really interesting numbers. -- William Lallemand