FWIW, The next release of OpenSSL is an LTS release and will be supported for
five years. It disables SSLv3 by default, but does enable TLS1.0 and TLS1.1 by
default. (It also includes TLS1.3, nudge nudge RFC editor queue.)
On 7/9/18, 12:42 PM, "Kathleen Moriarty" <kathleen.moriarty.i...@gmail.com>
wrote:
Hello,
Stephen and I posted the draft below to see if the TLS working group
is ready to take steps to deprecate TLSv1.0 and TLSv1.1. There has
been a recent drop off in usage for web applications due to the PCI
Council recommendation to move off TLSv1.0, with a recommendation to
go to TLSv1.2 by June 30th. NIST has also been recommending TLSv1.2
as a baseline. Applications other than those using HTTP may not have
had the same reduction in usage. If you are responsible for services
where you have a reasonable vantage point to gather and share
statistics to assess usage further, that could be helpful for the
discussion. We've received some feedback that has been incorporated
into the working draft and feelers in general have been positive. It
would be good to know if there are any show stoppers that have not
been considered.
https://github.com/sftcd/tls-oldversions-diediedie
Thanks in advance,
Kathleen
---------- Forwarded message ----------
From: <internet-dra...@ietf.org>
Date: Mon, Jun 18, 2018 at 3:05 PM
Subject: New Version Notification for
draft-moriarty-tls-oldversions-diediedie-00.txt
To: Stephen Farrell <stephen.farr...@cs.tcd.ie>, Kathleen Moriarty
<kathleen.moriarty.i...@gmail.com>
A new version of I-D, draft-moriarty-tls-oldversions-diediedie-00.txt
has been successfully submitted by Stephen Farrell and posted to the
IETF repository.
Name: draft-moriarty-tls-oldversions-diediedie
Revision: 00
Title: Deprecating TLSv1.0 and TLSv1.1
Document date: 2018-06-18
Group: Individual Submission
Pages: 10
URL:
https://www.ietf.org/internet-drafts/draft-moriarty-tls-oldversions-diediedie-00.txt
Status:
https://datatracker.ietf.org/doc/draft-moriarty-tls-oldversions-diediedie/
Htmlized:
https://tools.ietf.org/html/draft-moriarty-tls-oldversions-diediedie-00
Htmlized:
https://datatracker.ietf.org/doc/html/draft-moriarty-tls-oldversions-diediedie
Abstract:
This document [if approved] formally deprecates Transport Layer
Security (TLS) versions 1.0 [RFC2246] and 1.1 [RFC4346] and moves
these documents to the historic state. These versions lack support
for current and recommended cipher suites, and various government and
industry profiiles of applications using TLS now mandate avoiding
these old TLS versions. TLSv1.2 has been the recommended version for
IETF protocols since 2008, providing sufficient time to transition
away from older versions. Products having to support older versions
increase the attack surface unnecessarily and increase opportunities
for misconfigurations. Supporting these older versions also requires
additional effort for library and product maintenance.
This document updates the backward compatibility sections of TLS RFCs
[[list TBD]] to prohibit fallback to TLSv1.0 and TLSv1.1. This
document also updates RFC 7525.
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
The IETF Secretariat
--
Best regards,
Kathleen
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
