+++ author = "rootdo.com" title = "Information about TLS 1.3 and 1.2" date = "2024-05-25" tags = [ "post", "information", "TLS", ] categories = [ "blog", "rootdo", ] +++ --- ## !!! UPDATE !!! * I enabled TLS 1.2 again because of many user requests. Apparently there are more people out there with "older" hardware than I thought. Hey! I decided to disable TLS 1.2 support and only allow TLS 1.3 on rootdo.com and every sub domain. - Reasons are simple: - TLS 1.2 is old. If you still use devices that do not support TLS 1.3. I am sorry, but it is time to get some new stuff then. - TLS 1.2 is old. Time to move one! - https://www.cloudflare.com/learning/ssl/why-use-tls-1.3/ In case somebody wants to check the site and TLS with [https://cryptcheck.fr]() (very popular site in the community)

You will see an error like this

Screenshot_20240525_155901.png

The reason is given by the maintainer of the site cryptcheck.fr as following: > Hello! > It's currently not possible. I'm tied to OpenSSL 1.0.x to support old/deprecated ciphers like SSLv2 or RC4, but 1.2.x is required for TLSv1.3 which remove all deprecated world support with no way to reactivate it at build time. And there is no simple way to use 2 differents OpenSSL binding on the same ruby setup (OpenSSL support is built-in in Ruby core extension…). Source: [https://github.com/aeris/cryptcheck/issues/46#issuecomment-533865220]() This was the last time I tested with the TLS 1.2 version enabled. ![Screenshot_20240525_155542.png]()