apparently by all browsers at once.
just a few hours ago, Firefox popped up a security warning for this forum's website and would not allow me to even see the forum.
I had to waive the warning and establish that it is okay.....
https://techcrunch.com/2018/10/15/major ... standards/
Old network security standards are being dropped
Forum rules
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
- AZgl1800
- Level 20
- Posts: 11146
- Joined: Thu Dec 31, 2015 3:20 am
- Location: Oklahoma where the wind comes Sweeping down the Plains
- Contact:
Old network security standards are being dropped
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
- catweazel
- Level 19
- Posts: 9763
- Joined: Fri Oct 12, 2012 9:44 pm
- Location: Australian Antarctic Territory
Re: Old network security standards are being dropped
"There is, ultimately, only one truth -- cogito, ergo sum -- everything else is an assumption." - Me, my swansong.
Re: Old network security standards are being dropped
I've had TLS1.0/1.1 disabled for many many years, I wasn't even aware anybody was still using that, those have been insecure for ages.
Confirming TLS1.2 in use on these forums also with chromium: PS: I PM'ed xenopeek about this regardless since there was recently an issue with the forums' CDN not properly redirecting to https:// in some cases and this here might be related in case OP's issue is legit.
Confirming TLS1.2 in use on these forums also with chromium: PS: I PM'ed xenopeek about this regardless since there was recently an issue with the forums' CDN not properly redirecting to https:// in some cases and this here might be related in case OP's issue is legit.
Re: Old network security standards are being dropped
Reporting here as summoned
The forums only supports TLS 1.2 and does not support protocol downgrading to TLS 1.1/1.0 or SSL. Testing with https://testssl.sh/ from my own system and with https://www.ssllabs.com/ssltest/index.html remotely (which test from dozens of different configurations) confirms only TLS 1.2 is supported on the forums and it's not vulnerable to any protocol downgrade attacks because it doesn't support protocol downgrading.
As per your own link you've got your timelines mixed up:
The forums only supports TLS 1.2 and does not support protocol downgrading to TLS 1.1/1.0 or SSL. Testing with https://testssl.sh/ from my own system and with https://www.ssllabs.com/ssltest/index.html remotely (which test from dozens of different configurations) confirms only TLS 1.2 is supported on the forums and it's not vulnerable to any protocol downgrade attacks because it doesn't support protocol downgrading.
As per your own link you've got your timelines mixed up:
I don't know what's going on at your end. Hard to figure out as everything I see says the forums only support TLS 1.2. Having a screenshot of a warning might have been helpful. That's what I do when something out of the ordinary happens; just tap the print screen key and then try and figure it out but have the screenshot for later use if needed.Mozilla, Google, Microsoft and WebKit all made separate but similar announcements on their blogs, essentially that the old versions, [TLS] 1.0 and 1.1, will be phased out by early 2020 — March specifically for some, which we can take as a general indicator for the others.