hal/rootdo
hal/rootdo
Template
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
rootdo/content/post/Information-about-TLS-1.3-and-1.2.md

47 lines
2 KiB
Markdown
Raw Normal View History

Initial commit
2024-10-04 12:44:59 +00:00
+++
author = "rootdo.com"
title = "Information about TLS 1.3 and 1.2"
date = "2024-05-25"
tags = [
"post",
"information",
"TLS",
]
categories = [
"blog",
"rootdo",
]
+++
---
## <span style='color: #e0ac16;'><b>!!! UPDATE !!!</b></span>
* I enabled TLS 1.2 again because of many user requests. Apparently there are more people out there with "older" hardware than I thought.
Hey!
I decided to disable TLS 1.2 support and only allow TLS 1.3 on rootdo.com and every sub domain.
- Reasons are simple:
- TLS 1.2 is old. If you still use devices that do not support TLS 1.3. I am sorry, but it is time to get some new stuff then.
- TLS 1.2 is old. Time to move one!
- https://www.cloudflare.com/learning/ssl/why-use-tls-1.3/
In case somebody wants to check the site and TLS with [https://cryptcheck.fr](<https://cryptcheck.fr>) (very popular site in the community)
<div data-block-id="22Z2hOKa" data-callout-type="info" class="callout"><h4 data-block-id="t2lgsurS">You will see an error like this</h4><p data-block-id="5vFhhwby" data-spacing="single"><img class="" src="/img//attachments/25f5e5589047e92d-Screenshot_20240525_155901.png" alt="Screenshot_20240525_155901.png" width="754" height="166"></p></div>
The reason is given by the maintainer of the site cryptcheck.fr as following:
> Hello!
> It's currently not possible. I'm tied to OpenSSL 1.0.x to support old/deprecated ciphers like SSLv2 or RC4, but 1.2.x is required for TLSv1.3 which remove all deprecated world support with no way to reactivate it at build time. And there is no simple way to use 2 differents OpenSSL binding on the same ruby setup (OpenSSL support is built-in in Ruby core extension…).
Source: [https://github.com/aeris/cryptcheck/issues/46#issuecomment-533865220](<https://github.com/aeris/cryptcheck/issues/46#issuecomment-533865220>)
This was the last time I tested with the TLS 1.2 version enabled.
![Screenshot_20240525_155542.png](</img/attachments/65dcaa4fd132a157-Screenshot_20240525_155542.png>)
Reference in a new issue Copy permalink