Old network security standards are being dropped

Connection sharing, Firewall, Samba..etc
Forum rules
Before you post please read how to get help
Post Reply
User avatar
AZgl1500
Level 9
Level 9
Posts: 2764
Joined: Thu Dec 31, 2015 3:20 am
Location: Oklahoma where the wind comes sweeping down the plains
Contact:

Old network security standards are being dropped

Post by AZgl1500 » Tue Oct 16, 2018 6:52 am

apparently by all browsers at once.

just a few hours ago, Firefox popped up a security warning for this forum's website and would not allow me to even see the forum.

I had to waive the warning and establish that it is okay.....

https://techcrunch.com/2018/10/15/major ... standards/

User avatar
catweazel
Level 17
Level 17
Posts: 7756
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Re: Old network security standards are being dropped

Post by catweazel » Tue Oct 16, 2018 6:58 am

AZgl1500 wrote:
Tue Oct 16, 2018 6:52 am
just a few hours ago, Firefox popped up a security warning for this forum's website and would not allow me to even see the forum.
I don't have that issue, and the site is using TLS 1.2.

Image
¡uʍop ǝpısdn sı buıɥʇʎɹǝʌǝ os ɐıןɐɹʇsnɐ ɯoɹɟ ɯ,ı

gm10
Level 12
Level 12
Posts: 4154
Joined: Thu Jun 21, 2018 5:11 pm

Re: Old network security standards are being dropped

Post by gm10 » Tue Oct 16, 2018 7:48 am

I've had TLS1.0/1.1 disabled for many many years, I wasn't even aware anybody was still using that, those have been insecure for ages.

Confirming TLS1.2 in use on these forums also with chromium:
tls.png
tls.png (32.6 KiB) Viewed 262 times
PS: I PM'ed xenopeek about this regardless since there was recently an issue with the forums' CDN not properly redirecting to https:// in some cases and this here might be related in case OP's issue is legit.

User avatar
xenopeek
Level 24
Level 24
Posts: 23124
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Old network security standards are being dropped

Post by xenopeek » Tue Oct 16, 2018 8:38 am

Reporting here as summoned :)

The forums only supports TLS 1.2 and does not support protocol downgrading to TLS 1.1/1.0 or SSL. Testing with https://testssl.sh/ from my own system and with https://www.ssllabs.com/ssltest/index.html remotely (which test from dozens of different configurations) confirms only TLS 1.2 is supported on the forums and it's not vulnerable to any protocol downgrade attacks because it doesn't support protocol downgrading.

As per your own link you've got your timelines mixed up:
Mozilla, Google, Microsoft and WebKit all made separate but similar announcements on their blogs, essentially that the old versions, [TLS] 1.0 and 1.1, will be phased out by early 2020 — March specifically for some, which we can take as a general indicator for the others.
I don't know what's going on at your end. Hard to figure out as everything I see says the forums only support TLS 1.2. Having a screenshot of a warning might have been helpful. That's what I do when something out of the ordinary happens; just tap the print screen key and then try and figure it out but have the screenshot for later use if needed.
Image

Post Reply

Return to “Other networking topics”