I was just looking at the TLS deployment statistics.
https://www.trustworthyinternet.org/ssl-pulse/
A (hopefully) large % of the TLS code base has just been updated
because of a vulnerability. However the number of sites supporting TLS
v1.2 has barely increased over the past month.
Why is that?
Well, first, only a small fraction of the TLS installed base was
actually affected by Heartbleed. Second, if you have a TLS v1.0 product
and you want to bump that to TLS v1.2, it requires development work.
Finally, Heartbleed reinforced the opinion of some management chains
that OpenSSL 1.0.1 is still "bleeding edge" and not yet ready for
prime-time. (I can't count the number of people I've heard in the past
month proudly proclaiming they're still on OpenSSL 0.9.8.)
<csg>
_______________________________________________
perpass mailing list
perpass@ietf.org
https://www.ietf.org/mailman/listinfo/perpass