On Mon, Jul 09, 2018 at 12:40:54PM -0400, Kathleen Moriarty wrote:
> Hello,
> 
> Stephen and I posted the draft below to see if the TLS working group
> is ready to take steps to deprecate TLSv1.0 and TLSv1.1.  There has
> been a recent drop off in usage for web applications due to the PCI
> Council recommendation to move off TLSv1.0, with a recommendation to
> go to TLSv1.2 by June 30th.  NIST has also been recommending TLSv1.2
> as a baseline.  Applications other than those using HTTP may not have
> had the same reduction in usage.  If you are responsible for services
> where you have a reasonable vantage point to gather and share
> statistics to assess usage further, that could be helpful for the
> discussion.  We've received some feedback that has been incorporated
> into the working draft and feelers in general have been positive.  It
> would be good to know if there are any show stoppers that have not
> been considered.
> 
> https://github.com/sftcd/tls-oldversions-diediedie

I'm very much in favour of deprecating pre-TLSv1.2 versions, and this seems
like a good time to start.

As far as usage goes, it's still quite significant, at least as far as
Cloudflare is concerned. See the chart from a couple of months ago at:
https://blog.cloudflare.com/you-get-tls-1-3-you-get-tls-1-3-everyone-gets-tls-1-3/

Particularly for TLSv1.0, which is still at ~10% of all TLS connections we see,
while TLSv1.1 is at ~0.2%. Given this it's unlikely we (Cloudflare) will be
able to disable them by default any time soon, but we might be able to
understand the situation better once we do a more thorough analysis.

Cheers

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
