On Thu, Jun 14, 2018 at 03:28:31PM +0200, Tomas Mraz wrote: > > I don't think TLS 1.3 will see a wide deployment immediately. Sure, > > the > > famous top websites and top browsers will, but enterprises will not. > > And > > especially those with any kind of loggin/auditing requirements cannot > > even allow TLS 1.3 with ephemeral DH on their network. > > > > I would personally first try and disable TLS 1.0 in f29 and see how > > much > > problems that generates. Then in f30 or f31 disable TLS 1.1. > > Except from the internet website statistics the TLS-1.1 only or as > maximum TLS version is not deployed. The sites are either TLS-1.0 max > version or they support also TLS-1.2. So this will not make almost any > difference and the impact on compatibility will be practically the same > as disabling even TLS-1.1. This is similar for client capabilities. Disabling TLS 1.0 makes servers hosted on Fedora inaccessible for Android up to 5.0. Which means 15% of all Android devices – about 300 million devices. Disabling TLS 1.1 has no significant impact on top of that. Resources: - https://en.wikipedia.org/wiki/Transport_Layer_Security#Web_browsers – https://developer.android.com/about/dashboards/ -- Tomasz Torcz 72->| 80->| xmpp: zdzichubg@xxxxxxxxx 72->| 80->| _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/4U74RPH6RB5G7HD7CB23WJTKJU65HHWA/
