This makes me anxious, but I'm not sure if my anxiety is valid. I didn't know it was okay to disable TLS 1.0/1.1 this early. Correct me if I'm wrong, but this will affect all HTTPS web requests and web serving, as well as mail delivery and receipt from Debian sid. I'm not sure I want to only be able to surf ~90% of the encrypted web[1] and I'm not sure I'm ready to drop support for Android 4.3[2] or stock Windows 7/IE (which has TLS 1.2 switched off in Internet Options.) Not to mention all the mail servers out there running outdated crypto. I have mail in my inbox (from eg. Amazon Pay) received over TLS 1.0. As far as I understand, supporting outdated protocols like TLS 1.0 is only a problem if there is a downgrade attack that can force a server and client that speak TLS 1.2 to communicate over TLS 1.0. Otherwise, it should be fine to support TLS 1.0 to speak to older clients, while giving newer clients the option to speak over TLS 1.2.<p>Hopefully this announcement is correct in the assumption that support for TLS 1.2 will be high enough when Buster is released.<p>[1]: <a href="https://www.ssllabs.com/ssl-pulse/" rel="nofollow">https://www.ssllabs.com/ssl-pulse/</a>
[2]: <a href="https://www.ssllabs.com/ssltest/clients.html" rel="nofollow">https://www.ssllabs.com/ssltest/clients.html</a>
Last year I disabled TLS 1.0/1.1 on my <i>personal server</i> and encountered problems. Turns out Mono (Keepass2Android) and Qt (QBittorrent) libraries on Android for some reason had not enabled higher-than-TLS-1.0 support, although AFAIK they supported it at the time.<p>So yeah, I ended up reenabling TLS 1.0/1.1 on a system on which I had <i>full control</i> over the clients connecting to it. Given the difficulty and nature of current attacks, I figured the low risks to me personally weren't worth the inconvenience.<p>I commend the Debian project for making the push for this, but I wonder if the world is ready to be TLS 1.2+ only.
I predict hereby that this change won't last long.<p>While cryptographically it's the right move (everything below TLS 1.2 with an AEAD is cryptographically broken), this disables connectivity with half of the Internet. There is a huge number of hosts out there running on legacy hardware that won't do anything beyond TLS 1.0.
I also have disabled all versions before TLS 1.2, any key exchange other than x25519 (I wanted to avoid the NSA curves) and all encryption/mac algorithms other than Chacha20-poly1305. It works just fine with the last Firefox ESR and Chromium that way.
Is there a plugin or setting for Firefox or Chrome that would give me stats on server protocol support for my own interactions?<p>I'm pretty sure the preference is newer versions of TLS where available. So would be interesting to see if this would have any impact on ones own browsing habits (ignoring the fact that FF has its own TLS lib so wouldn't be using OpenSSL anyway).