Re: feedback requested regarding deprecation of TLS 1.0/1.1

[Demi Marie Obenour <demi () invisiblethingslab com>]

On Tue, Aug 06, 2024 at 05:02:14AM -0400, Neil Horman wrote:
> Neil Horman <nhorman () openssl org>
> 4:19 AM (42 minutes ago)
> to openssl-security
>
> OpenSSL is currently considering the deprecation of the TLS 1.0/1.1
> protocols.  Currently TLS1.1 and TLS 1.0 are disabled at run time, and
> requires enablement by reducing the ssl security level value.
>
> The current proposal under consideration is to explicitly disable TLS
> 1.0/1.1 at build time, in our 4.0 release (tentatively scheduled to release
> in the next 12-18 months), with an eye to completely remove the impacted
> code in a future major release.  The default configuration could be
> overridden to re-enable TLS 1.0/1.1 at build time.
>
> Questions to the community are:
>
> 1) Are distributions/users comfortable with this approach in the time frame
> proposed?
>
> 2) Would builders of OpenSSL consider using the default configuration (with
> TLS1.0/1.1 disabled in 4.0), or would they ship with these protocols
> re-enabled in their builds?
>
> 3) If the deprecated protocols are re-enabled, what would constitute a
> reasonable warning mechanism to inform users that these protocols are going
> away at some point in the future to pressure users to update to a newer,
> more secure protocol?
>
> Input on these questions is requested and appreciated

I’m fine with this.  Anyone who needs compatibility with obsolete
protocols should use a dedicated proxy.  I would also be fine with
dropping support for non-AEAD ciphers in TLS 1.2.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab

Attachment: signature.asc
Description: