Do all emby clients now support TLSv1.3 ?

[TMCsw 122]

As subject say’s because I’d like to disable TLSv1.2 in my reverse proxy for security reasons. I remember reading a post quite while back the there were some clients that don’t but I can’t find that post at the moment.

If not is there a list of clients that don’t yet support 1.3 ? As all main browsers have done so for a while now.. TLS1.3 caniuse.com

[Luke 37089]

Hi, for the most part this is deferred to device and operating system support, so it's really just hard to say. I would say generally speaking the older your client devices are, the more likely you're going to have trouble trying to disable TLS 1.2.

[TMCsw 122]

Okay, so I’ll leave it in for now as it’s probably not much of a risk anyway (I just like to run a tight ship) 

[rbjtech 4276]

Currently, there is zero reason to disabled TLS 1.2 - but what you should do is remove/restrict the less secure algorithms/ciphers that it can use.

If you want an A+ on Qualys/SSL Labs - then you'll need to disable them anyway (along with all the other requirements obviously - HSTS, CAA etc)

TLS 1.0 and 1.1 - of course, this should have been disabled years ago..  

https://www.ssllabs.com/ssltest/

Edited March 22 by rbjtech

[Lessaj 61]

This cipher suite will give you all the highest ciphers for TLS 1.2 and 1.3, no mention of weak ciphers on ssllabs. At least that's my experience with my own setup.

SSLCipherSuite HIGH:!MEDIUM:!SSLv3:!kRSA:!SHA1:!SHA256:!SHA384:!DSS:!aNULL