Re: F29 System Wide Change: Strong crypto settings: phase 2

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> On Fri, Jun 01, 2018 at 01:40:58PM +0200, Jan Kurik wrote:
> What is the availibility of TLS 1.2 vs 1.1/1.0 on the internet ?
> ie how likely is this to break the ability of users to access websites
> they care about ?

There is quite a lot, sadly. I'd say about 0.1…1% of all internet sites of my personal browsing behavior. Fedora's infrastructure works fine with TLS 1.0 and 1.1 disabled. Essential parts of the eclipse.org infrastructure is still on historic crypto levels, including its wiki, git server and marketplace. This DEFAULT policy probably will break the eclipse marketplace client in Fedora.

I haven't found perfect data but SSLLabs' "SSL Pulse" [1] gives some hints. Applying their current metric, any server without TLS 1.2 support will be rewarded with grade C or worse. See [2] for an example. Assuming that grade-F-sites are broken beyond any repair, there's still 7.7% grade C and a few grade D pages resulting in up to 7.8% of all websites still using TLS < 1.2. Without good data on this I highly recommend not disabling TLS <1.2 by default on F29.

[1] https://www.ssllabs.com/ssl-pulse/
[2] https://www.ssllabs.com/ssltest/analyze.html?d=marketplace.eclipse.org
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/Z6RXR5W6KH4NODRINVJFEBIBQRX4I6HP/




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux