On 14.07.2018 23:57, Jeffrey Walton wrote: > On Tue, Jun 19, 2018 at 6:44 AM, Loganaden Velvindron <lo...@hackers.mu> > wrote: >> ... >> As per: >> https://tools.ietf.org/html/draft-moriarty-tls-oldversions-diediedie-00 >> >> Attached is a tentative patch to disable TLS 1.0 and TLS 1.1 by >> default. No doubt that this will cause some discussions, I'm open to >> hearing all opinions on this. > > What will users do? > > I'm guessing most will turn to --no-check-certificate or HTTP, which > has the net effect of removing security, not improving it. > > Stack Overflow is littered with the --no-check-certificate answer for > questions ranging from "how do I use wget to download a file" to "how > do I make my PHP work again".
This is to accept "broken / misused" certificates (lifetime exceeded, wrong domain, etc.) - but maybe I am wrong. Could you explain what the TLS version has to do with this ? AFAICS, if a server doesn't speak TLS1.2, this option this option isn't of any use. Regards, Tim
signature.asc
Description: OpenPGP digital signature
