[SSL Observatory] TLS 1.1/1.2 support
Larry Seltzer
larry at larryseltzer.com
Mon Aug 22 10:45:23 PDT 2011
>From the presentation: "Lack of support for TLS v1.1 and v1.2 is a
cause for concern"
Why? It looks like very few people care.
BTW, Windows 7 and Windows Server 2008 R2 support it out of the box on
the client side, but would it necessarily follow that IIS supports it
as a server?
On Mon, Aug 22, 2011 at 12:58 PM, Ivan Ristic <ivan.ristic at gmail.com> wrote:
>
> The most recent results are from April 2011:
>
> http://blog.ivanristic.com/2011/04/fresh-internet-ssl-survey-results-april-2011-available.html
>
> Protocol analysis is on slide 30. Of course, little changed from 2010,
> the support for TLS 1.1 and TLS 1.2 is virtually non-existent.
>
>
> On Mon, Aug 22, 2011 at 9:47 AM, Peter Gutmann
> <pgut001 at cs.auckland.ac.nz> wrote:
> > Erwann ABALEA <erwann at abalea.com> writes:
> >
> >>SSLLabs from Qualys gives a rating of your website SSL configuration, after
> >>some tests. It can also detect TLS1.1/1.2, and detect a bogus answer to a
> >>nonexistent TLS version (3.99).
> >
> > Ahh, good point. The last figures they published were for Black Hat 2010, for
> > which there were a few hundred TLS 1.1 servers and effectively zero TLS 1.2
> > servers (less than a dozen, probably most or even all test servers run by
> > various vendors). OTOH since both TLS 1.1 and 1.2 have been around for years
> > the BH'10 figures are probably still pretty representative.
> >
> > Peter.
> >
>
>
>
> --
> Ivan Ristić
More information about the Observatory
mailing list