> On Fri, Jun 01, 2018 at 01:40:58PM +0200, Jan Kurik wrote: > What is the availibility of TLS 1.2 vs 1.1/1.0 on the internet ? > ie how likely is this to break the ability of users to access websites > they care about ? There is quite a lot, sadly. I'd say about 0.1…1% of all internet sites of my personal browsing behavior. Fedora's infrastructure works fine with TLS 1.0 and 1.1 disabled. Essential parts of the eclipse.org infrastructure is still on historic crypto levels, including its wiki, git server and marketplace. This DEFAULT policy probably will break the eclipse marketplace client in Fedora. I haven't found perfect data but SSLLabs' "SSL Pulse" [1] gives some hints. Applying their current metric, any server without TLS 1.2 support will be rewarded with grade C or worse. See [2] for an example. Assuming that grade-F-sites are broken beyond any repair, there's still 7.7% grade C and a few grade D pages resulting in up to 7.8% of all websites still using TLS < 1.2. Without good data on this I highly recommend not disabling TLS <1.2 by default on F29. [1] https://www.ssllabs.com/ssl-pulse/ [2] https://www.ssllabs.com/ssltest/analyze.html?d=marketplace.eclipse.org _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/Z6RXR5W6KH4NODRINVJFEBIBQRX4I6HP/
