On Thu, 14 Jun 2018, Tomas Mraz wrote:
On Wed, 2018-06-13 at 00:45 -0400, Paul Wouters wrote:
I don't think TLS 1.3 will see a wide deployment immediately. Sure,
the
famous top websites and top browsers will, but enterprises will not.
And
especially those with any kind of loggin/auditing requirements cannot
even allow TLS 1.3 with ephemeral DH on their network.
I would personally first try and disable TLS 1.0 in f29 and see how
much
problems that generates. Then in f30 or f31 disable TLS 1.1.
Except from the internet website statistics the TLS-1.1 only or as
maximum TLS version is not deployed. The sites are either TLS-1.0 max
version or they support also TLS-1.2. So this will not make almost any
difference and the impact on compatibility will be practically the same
as disabling even TLS-1.1.
Today a document was submitted to the TLS WG to phase out TLS 1.0 and 1.1:
https://tools.ietf.org/html/draft-moriarty-tls-oldversions-diediedie-00
I guess it all depends on the lifetime of old cheap android devices :P
Paul
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/VZAJCPXLWPGNP2JGNZOOVFXILCLBFR5G/
