Fyrd / caniuse

Raw browser/feature support data from caniuse.com
https://caniuse.com
Creative Commons Attribution 4.0 International

Drop support for TLS 1.1 and add support for TLS 1.3 on caniuse.com #5245

Open Kenneth-Barber opened 4 years ago

Kenneth-Barber commented 4 years ago

TLS 1.1 is not secure. Please drop support for it. Continued support exposes us all to the risk of a downgrade attack (i.e. a hacker might be able to force someone who would otherwise use TLS 1.2 to use TLS 1.1 and then hack into that).

In addition, please add support for TLS 1.3 so that we can access caniuse.com more quickly and securely.

Lastly, please drop support for weak cipher suites for TLS 1.2.

The Qualys SSL Server Test reveals the TLS versions and cipher suites that caniuse.com supports: https://www.ssllabs.com/ssltest/analyze.html?d=caniuse.com

atjn commented 4 years ago

TLS 1.3 is now supported. TLS 1.1 is being removed in all modern browsers, rendering downgrade attacks impossible.

It's not everything you asked for, but it's getting there 🥳

Kenneth-Barber commented 4 years ago

Yes, TLS 1.1 won't work in modern browsers, but what about those browsers that haven't been upgraded? From a security standpoint, it is better to not let the user connect than to let them connect insecurely.