Closed nervuri closed 11 months ago
I agree it would be wise to set the minimum protocol version at TLS 1.2 on the client side, as it would dissuade servers from using off-spec versions of TLS.
Checking tlsprivacy.nervuri.net with Lagrange v1.17.1, I get this:
{
  "code": 43,
  "name": "supported_versions",
  "data": {
    "raw": "0403040303",
    "supported_tls_versions": [
      {
        "code": 772,
        "hex_code": "0304",
        "name": "TLS 1.3"
      },
      {
        "code": 771,
        "hex_code": "0303",
        "name": "TLS 1.2"
      }
    ]
  }
},
Which would mean the issue has been resolved, I believe.
Lagrange supports TLS 1.0 and 1.1, at least on my machine (I compiled Lagrange on Debian 12).
Looking at the spec, I'm surprised to see that it's not explicit about disallowing TLS versions prior to 1.2. Solderpunk's version says:
While Sean Conner's version says:
and
Neither spec says that clients MUST NOT support TLS versions older than 1.2, but I think that was always the intention.
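Added example, not part of the thread or of Lagrange's code: a decoder for the raw supported_versions value quoted in the JSON above (a one-byte list length followed by two-byte version codes, per RFC 8446 section 4.2.1) that reports any offered version below TLS 1.2. The function names and every sample other than "0403040303" are constructed for illustration.

```python
import struct

TLS_NAMES = {
    0x0300: "SSL 3.0",
    0x0301: "TLS 1.0",
    0x0302: "TLS 1.1",
    0x0303: "TLS 1.2",
    0x0304: "TLS 1.3",
}
MIN_VERSION = 0x0303  # TLS 1.2, the minimum discussed in this thread


def is_grease(code):
    # RFC 8701 GREASE placeholders: 0x0A0A, 0x1A1A, ... 0xFAFA
    hi, lo = code >> 8, code & 0xFF
    return hi == lo and (lo & 0x0F) == 0x0A


def parse_supported_versions(raw_hex):
    """Return the version codes listed in a ClientHello supported_versions body."""
    data = bytes.fromhex(raw_hex)
    if not data:
        raise ValueError("empty extension body")
    length, body = data[0], data[1:]
    # The length byte must match the remaining bytes and hold whole 16-bit codes.
    if length != len(body) or length < 2 or length % 2:
        raise ValueError("malformed version list")
    return [code for (code,) in struct.iter_unpack("!H", body)]


def audit(raw_hex):
    """Split offered versions into (acceptable, too_old), ignoring GREASE."""
    ok, old = [], []
    for code in parse_supported_versions(raw_hex):
        if is_grease(code):
            continue
        name = TLS_NAMES.get(code, f"unknown 0x{code:04x}")
        (ok if code >= MIN_VERSION else old).append(name)
    return ok, old


if __name__ == "__main__":
    # First value is the raw string quoted in the thread; the second is a
    # constructed sample of a client that still offers TLS 1.1 and 1.0.
    for sample in ("0403040303", "080304030303020301"):
        print(sample, audit(sample))
```

A client that enforces the TLS 1.2 minimum yields an empty second list; anything in it means the ClientHello still advertises a pre-1.2 version.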