Sent from my mobile device
> On Jul 10, 2018, at 4:31 PM, Martin Rex <[email protected]> wrote:
>
> [email protected] (Martin Rex) wrote:
>> Andrei Popov <[email protected]> wrote:
>>>
>>> On the recent Windows versions, TLS 1.0 is negotiated more than 10%
>>> of the time on the client side (this includes non-browser connections
>>> from all sorts of apps, some hard-coding TLS versions),
>>> and TLS 1.1 accounts for ~0.3% of client connections.
>>
>> "On recent Windows versions" sounds like figure might not account
>> for Windows 7 and Windows Server 2008R2, about half of the installed
>> base of Windows, and where the numbers are likely *MUCH* higher.
>>
>> When troubleshooting TLS handshake failures, I sometimes trying
>> alternative SSL/TLS clients on customer machines through remote support,
>> and it seems when I run this command on a Windows 2012R2 server:
>>
>> powershell "$web=New-Object System.Net.WebClient ;
>> $web.DownloadString('https://www.example.com/')" 2>&1
>>
>> it connects with TLSv1.0 only, and this is a client-side limitation.
>>
>> To make it use TLSv1.2, I would have to use
>>
>> powershell "[Net.ServicePointManager]::SecurityProtocol =
>> [Net.SecurityProtocolType]::Tls12 ; $web=New-Object System.Net.WebClient ;
>> $web.DownloadString('https://www.example.com/')" 2>&1
>>
>> i.e. explicit opt-in.
>
>
> btw. I checked this on a Windows 10 (1709) machine, and it's powershell also
> tries connecting with TLSv1.0 only.
>
> To me, it looks more like 100% of the Microsoft Windows installed
> base not being ready for a TLSv1.2-only world.
>
Martin,
Do you want to add a PR with this unless further verification is needed?
Thank you,
Kathleen
>
> -Martin
>
> _______________________________________________
> TLS mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/tls
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls