On Fri, Jun 01, 2018 at 01:40:58PM +0200, Jan Kurik wrote: > = Proposed System Wide Change: Strong crypto settings: phase 2 = > https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2 > > > Owner(s): > * Tomáš Mráz <tmraz at redhat dot com> > > > We update the current system-wide crypto policy to further disable > legacy cryptographic protocols (TLS 1.0 and TLS 1.1) and weak > Diffie-Hellman key exchange sizes (1024 bit) [snip] What is the availibility of TLS 1.2 vs 1.1/1.0 on the internet ? ie how likely is this to break the ability of users to access websites they care about ? The actual change page does mention it in passing, but not in a convincing manner "User Experience Given the existing deployment of TLS 1.2 on the internet, there should not be significant user experience degradation, although that's a speculation." Are there any internet scan survey results looking at TLS versions on servers, that can make this more compelling than just speculation ? I've found some via google, but they're four+ years old already so won't mention them as it is likely oudated & misleading. Surely someone has got scan results looking at this from 2017/2018 though ? NB, I'm not objecting to switch to 1.2 by default - I just like to see a more evidence based change proposal. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/TMXLAXZMTFNF4OOXHSNQPCXZKBF4OEBS/
