The State of SSL Stacks

The SSL landscape has shifted dramatically. In this paper, we examine OpenSSL 3.x, BoringSSL, LibreSSL, WolfSSL, and AWS-LC with HAProxy.

HAProxy Technologies
@bagder while I understand the reasoning, the position that modern libraries should support TLS 1.0 doesn’t sit right with me. Especially with no caveats about limited use cases.
@kalfeher Hopefully TLS 1.0 will disappear, but there are still cases where people want to use a modern HAProxy stack in front of proprietary software which only handles TLS 1.0, for example. HAProxy is a Swiss Army knife which handles those kinds of cases and makes people's lives easy in hostile environments 🙂

@sekh ppl are free to design software as they wish. But requiring support for something deliberately removed from the protocol 4yrs ago is something that may end up hurting consumers of the service.

Their choice, but it’s a short-sighted choice imho

@kalfeher obsolete protocols and software are part of a lot of ecosystems. Unfortunately deprecating something doesn't make it disappear, but rest assured, TLSv1.0 and 1.1 are disabled by default. Like we said in the article, that's to "accommodate diverse client requirements while encouraging migration to more secure protocols." Most OpenSSL drop-in replacements still implement TLS 1.0, so that's not really an important point. It's not about designing software; switching this on is basically 2 lines of code.