>On the recent Windows versions, TLS 1.0 is negotiated more than 10% of the time on the client side (this includes non-browser connections from all sorts of apps, some hard-coding TLS versions), and TLS 1.1 accounts for ~0.3% of client >connections. Windows server negotiates TLS 1.0 ~1.5% of the time (all server apps, not just IIS), and the use of TLS 1.1 is negligible.
>Therefore, we cannot disable TLS 1.0 by default in Windows just yet, but will keep looking at the telemetry. If PCI/NIST/diediedie RFC make a difference, I’ll be happy to reduce the set of enabled-by-default TLS versions. While I support the move to more secure versions of TLS, I would say that in the U.S. at least, is that people are trying as hard as they can to get current. It is not that easy. My data points are the Fortune 500 and equivalent sized government agencies, including city and county governments, even large school districts such as Los Angeles Unified. For at least the last two to four years, quite a few of the people that I know have been trying to get upgraded to TLS1.2 on their own - with no incentive needed. A while back, I was talking to someone I know about the PCI mandate for June 30th. These guys run quite a large network with millions of clients coming in via business partner and other networks. By the time, they get to his applications, he really has no idea what the actual IP address of the end user is and how to reach out to them to get them to upgrade whatever client software they have that is not current. He has a number of his staff devoted to doing just this. The endpoints are not just running browsers. They may have Telnet, FTP, SMTP, MQSeries or any one of a thousand different applications. Each with their own client software which has to be upgraded individually. Keeping endpoints and applications patched and current takes a huge amount of effort - maybe the bulk of the effort - spent by staff at enterprises. The manager of the above site said to me that he knows the PCI date is June 30 to get off of earlier versions of TLS but he said, "You know, Nalini, we may not make it." Those guys are very smart. I have known them for many years My guess would be that it is in the 10 - 20% range for clients using versions pre-TLS1.2. It would be nice to see some of this reflected in the draft rather than only statistics on browsers. The real usage of these protocols is far more complex. Nalini On Mon, Jul 9, 2018 at 11:30 PM, Andrei Popov < [email protected]> wrote: > On the recent Windows versions, TLS 1.0 is negotiated more than 10% of the > time on the client side (this includes non-browser connections from all > sorts of apps, some hard-coding TLS versions), and TLS 1.1 accounts for > ~0.3% of client connections. > > Windows server negotiates TLS 1.0 ~1.5% of the time (all server apps, not > just IIS), and the use of TLS 1.1 is negligible. > > > > Therefore, we cannot disable TLS 1.0 by default in Windows just yet, but > will keep looking at the telemetry. If PCI/NIST/diediedie RFC make a > difference, I’ll be happy to reduce the set of enabled-by-default TLS > versions. > > > > Cheers, > > > > Andrei > > > > *From:* TLS <[email protected]> *On Behalf Of * Eric Rescorla > *Sent:* Monday, July 9, 2018 9:57 AM > *To:* Kathleen Moriarty <[email protected]> > *Cc:* <[email protected]> <[email protected]> > *Subject:* Re: [TLS] Fwd: New Version Notification for draft-moriarty-tls- > oldversions-diediedie-00.txt > > > > > > > > On Mon, Jul 9, 2018 at 9:54 AM, Eric Rescorla <[email protected]> wrote: > > Thanks for writing this. > > > > I would be in favor of deprecating old versions of TLS prior to 1.2. > Firefox Telemetry shows that about 1% of our connections are TLS 1.1 > > > > This should be 1.0. > > > > > > (on the same data set, TLS 1.3 is > 5%), and TLS 1.1 is negligible. > > > > This is probably a higher number than we'd be comfortable turning off > immediately, but it is probably worth starting the process. > > > > -Ekr > > > > > > On Mon, Jul 9, 2018 at 9:40 AM, Kathleen Moriarty < > [email protected]> wrote: > > Hello, > > Stephen and I posted the draft below to see if the TLS working group > is ready to take steps to deprecate TLSv1.0 and TLSv1.1. There has > been a recent drop off in usage for web applications due to the PCI > Council recommendation to move off TLSv1.0, with a recommendation to > go to TLSv1.2 by June 30th. NIST has also been recommending TLSv1.2 > as a baseline. Applications other than those using HTTP may not have > had the same reduction in usage. If you are responsible for services > where you have a reasonable vantage point to gather and share > statistics to assess usage further, that could be helpful for the > discussion. We've received some feedback that has been incorporated > into the working draft and feelers in general have been positive. It > would be good to know if there are any show stoppers that have not > been considered. > > https://github.com/sftcd/tls-oldversions-diediedie > <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsftcd%2Ftls-oldversions-diediedie&data=02%7C01%7CAndrei.Popov%40microsoft.com%7C30b7cfd6c111409f442b08d5e5bd3777%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636667523215001514&sdata=6JSQZe93nWnAELvOgG3KyIcPopQleMDtNF6v8LWFXWU%3D&reserved=0> > > Thanks in advance, > Kathleen > > > ---------- Forwarded message ---------- > From: <[email protected]> > Date: Mon, Jun 18, 2018 at 3:05 PM > Subject: New Version Notification for > draft-moriarty-tls-oldversions-diediedie-00.txt > To: Stephen Farrell <[email protected]>, Kathleen Moriarty > <[email protected]> > > > > A new version of I-D, draft-moriarty-tls-oldversions-diediedie-00.txt > has been successfully submitted by Stephen Farrell and posted to the > IETF repository. > > Name: draft-moriarty-tls-oldversions-diediedie > Revision: 00 > Title: Deprecating TLSv1.0 and TLSv1.1 > Document date: 2018-06-18 > Group: Individual Submission > Pages: 10 > URL: > https://www.ietf..org/internet-drafts/draft-moriarty-tls-oldversions- > diediedie-00.txt > <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Finternet-drafts%2Fdraft-moriarty-tls-oldversions-diediedie-00.txt&data=02%7C01%7CAndrei.Popov%40microsoft.com%7C30b7cfd6c111409f442b08d5e5bd3777%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636667523215011518&sdata=%2BBRGmMbf7r4mXoyWqHmT6kgNjHw7Drh7ldDceG5gqfQ%3D&reserved=0> > Status: > https://datatracker.ietf.org/doc/draft-moriarty-tls-oldversions-diediedie/ > <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-moriarty-tls-oldversions-diediedie%2F&data=02%7C01%7CAndrei.Popov%40microsoft.com%7C30b7cfd6c111409f442b08d5e5bd3777%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636667523215011518&sdata=Qge2nvcx8fz105Uux1rl1eM2yHiI7zbvxA8Pvps10z8%3D&reserved=0> > Htmlized: > https://tools.ietf.org/html/draft-moriarty-tls-oldversions-diediedie-00 > <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools..ietf.org%2Fhtml%2Fdraft-moriarty-tls-oldversions-diediedie-00&data=02%7C01%7CAndrei.Popov%40microsoft.com%7C30b7cfd6c111409f442b08d5e5bd3777%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636667523215021535&sdata=Bz6FrvviPoSIxkB83boGxcOxVg2NvrqS3A1bUinNodc%3D&reserved=0> > Htmlized: > https://datatracker.ietf.org/doc/html/draft-moriarty-tls- > oldversions-diediedie > <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-moriarty-tls-oldversions-diediedie&data=02%7C01%7CAndrei.Popov%40microsoft.com%7C30b7cfd6c111409f442b08d5e5bd3777%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636667523215021535&sdata=M1O48yPTPkd%2Bb3%2FE3z0%2FAniBUMozDwfQzp2Ra5sLRbQ%3D&reserved=0> > > > Abstract: > This document [if approved] formally deprecates Transport Layer > Security (TLS) versions 1.0 [RFC2246] and 1.1 [RFC4346] and moves > these documents to the historic state. These versions lack support > for current and recommended cipher suites, and various government and > industry profiiles of applications using TLS now mandate avoiding > these old TLS versions. TLSv1.2 has been the recommended version for > IETF protocols since 2008, providing sufficient time to transition > away from older versions. Products having to support older versions > increase the attack surface unnecessarily and increase opportunities > for misconfigurations. Supporting these older versions also requires > additional effort for library and product maintenance. > > This document updates the backward compatibility sections of TLS RFCs > [[list TBD]] to prohibit fallback to TLSv1.0 and TLSv1.1. This > document also updates RFC 7525. > > > > > Please note that it may take a couple of minutes from the time of > submission > until the htmlized version and diff are available at tools.ietf.org > <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Ftools.ietf.org&data=02%7C01%7CAndrei.Popov%40microsoft.com%7C30b7cfd6c111409f442b08d5e5bd3777%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636667523215031539&sdata=ixEPAZe51d1FhvdB9sQ8mzRHY04Blyx%2BIYjlFC%2Fo0dw%3D&reserved=0> > . > > The IETF Secretariat > > > > -- > > Best regards, > Kathleen > > _______________________________________________ > TLS mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/tls > <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Ftls&data=02%7C01%7CAndrei.Popov%40microsoft.com%7C30b7cfd6c111409f442b08d5e5bd3777%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636667523215041552&sdata=GkIXrs3zVeUBaEU2EUL8%2FXJdDdkDUlQ70iKr0rDJQRU%3D&reserved=0> > > > > > > _______________________________________________ > TLS mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/tls > > -- Thanks, Nalini Elkins President Enterprise Data Center Operators www.e-dco.com
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
