oss-sec mailing list archives
Re: feedback requested regarding deprecation of TLS 1.0/1.1
From: Demi Marie Obenour <demi () invisiblethingslab com>
Date: Wed, 7 Aug 2024 17:55:41 -0400
On Wed, Aug 07, 2024 at 07:48:07PM +0200, Solar Designer wrote:
> Hi,
>
> I think there are two categories of use cases that need a wide range of supported protocol versions:
>
> 1. Hosting a public server that's meant to be usable by the widest audience possible, including from both up-to-date and older systems. For example, a website should display in latest web browsers, but command-line downloads from the same server should also work from old systems (e.g., running LTS distros).
>
> 2. Scanning or crawling a wide variety of systems, e.g. by a search engine indexer, an asset enumeration tool, a security scanner, or during a pentest.
>
> For both of these categories, it's desirable to have a maintained library that supports this wide range of protocol versions.
>
> The proxy solution that Demi Marie Obenour advocates for isn't of enough help. It could kind of work for #1, but it'd require two different end-points that users would need to explicitly choose between, or some other hacks. For #2, a workaround is to use two libraries, maybe trying the newer one first followed by a fallback to the older, but this may also be tricky (e.g., linking them into the same program might clash).

That is indeed valid, thank you.

--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
