(Chair hat off.) On Wed, Jul 11, 2018 at 10:37 AM, David Benjamin <david...@chromium.org> wrote: > On Mon, Jul 9, 2018 at 12:58 PM Eric Rescorla <e...@rtfm.com> wrote: >> >> On Mon, Jul 9, 2018 at 9:54 AM, Eric Rescorla <e...@rtfm.com> wrote: >>> >>> Thanks for writing this. >>> >>> I would be in favor of deprecating old versions of TLS prior to 1.2. >>> Firefox Telemetry shows that about 1% of our connections are TLS 1.1 >> >> >> This should be 1.0. >> >> >>> (on the same data set, TLS 1.3 is > 5%), and TLS 1.1 is negligible. >>> >>> This is probably a higher number than we'd be comfortable turning off >>> immediately, but it is probably worth starting the process. > > > Metrics from Chrome report 0.43% of our connections are TLS 1.0 and 0.03% of > them are TLS 1.1, which is a similar situation. I too am in favor of > deprecating them and getting things started.
Our system-wide metrics indicate 0.36% and 99.6% of connections are TLS 1.0 and 1.2, respectively. This does not include all code paths, though it covers the overwhelming majority of use cases, including mobile mail. Thus, similar to others, I'm in favor of deprecating TLS 1.0 and 1.1. Best, Chris _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
