GoFuckYourself.com - Adult Webmaster Forum - View Single Post - If you run a server, website email server etc

rowan · 02-05-2020, 05:14 PM

As a consumer, I think it's good practice to disallow TLS 1.0/TLS 1.1 now, so you can clearly see when a site hasn't had its security config updated since before 2008 (when TLS 1.2 was introduced)

Firefox is now warning people anyway. If the site only supports 1.0/1.1, it throws up a dialog and asks if you want to make an exception. (Unfortunately it seems to be a global config thing, not on a per-site basis, so you have to go and manually unset it later)

I've personally only run across a handful of sites that don't support TLS 1.2+, but one of them handles CC info. Pretty dodgy.

02-05-2020, 05:14 PM
rowan Too lazy to set a custom title Join Date: Mar 2002 Location: Australia Posts: 17,393	As a consumer, I think it's good practice to disallow TLS 1.0/TLS 1.1 now, so you can clearly see when a site hasn't had its security config updated since before 2008 (when TLS 1.2 was introduced) Firefox is now warning people anyway. If the site only supports 1.0/1.1, it throws up a dialog and asks if you want to make an exception. (Unfortunately it seems to be a global config thing, not on a per-site basis, so you have to go and manually unset it later) I've personally only run across a handful of sites that don't support TLS 1.2+, but one of them handles CC info. Pretty dodgy.