TMCsw 170 Posted March 21, 2024

As the subject says, because I’d like to disable TLSv1.2 in my reverse proxy for security reasons. I remember reading a post quite a while back that there were some clients that don’t, but I can’t find that post at the moment. If not, is there a list of clients that don’t yet support 1.3? As all main browsers have done so for a while now.

TLS1.3 caniuse.com

Luke 39847 Posted March 21, 2024

Hi, for the most part this is deferred to device and operating system support, so it's really just hard to say. I would say generally speaking the older your client devices are, the more likely you're going to have trouble trying to disable TLS 1.2.

TMCsw 170 Posted March 21, 2024 Author

Okay, so I’ll leave it in for now as it’s probably not much of a risk anyway (I just like to run a tight ship)

rbjtech 4950 Posted March 22, 2024 (edited)

Currently, there is zero reason to disable TLS 1.2 - but what you should do is remove/restrict the less secure algorithms/ciphers that it can use. If you want an A+ on Qualys/SSL Labs - then you'll need to disable them anyway (along with all the other requirements obviously - HSTS, CAA etc.)

TLS 1.0 and 1.1 - of course, these should have been disabled years ago.

https://www.ssllabs.com/ssltest/

Edited March 22, 2024 by rbjtech

Lessaj 280 Posted March 22, 2024

This cipher suite will give you all the highest ciphers for TLS 1.2 and 1.3, no mention of weak ciphers on ssllabs. At least that's my experience with my own setup.

SSLCipherSuite HIGH:!MEDIUM:!SSLv3:!kRSA:!SHA1:!SHA256:!SHA384:!DSS:!aNULL
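
To see what the cipher string posted above actually enables before putting it on a proxy, this added example (not written by anyone in the thread) expands it with Python's ssl module and groups the result by protocol. The function names are illustrative, and the output reflects the OpenSSL build on the machine running it, which is assumed to be similar to the one the reverse proxy links against.

```python
import ssl

# Cipher string quoted in the post above (value of Apache's SSLCipherSuite).
POSTED = "HIGH:!MEDIUM:!SSLv3:!kRSA:!SHA1:!SHA256:!SHA384:!DSS:!aNULL"


def expand(cipher_string):
    """Return the suites the local OpenSSL enables for an OpenSSL cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # TLS 1.3 suites are configured separately and stay on
    return ctx.get_ciphers()


def names(cipher_string):
    return {c["name"] for c in expand(cipher_string)}


def audit(cipher_string):
    """Group enabled suites by protocol and flag properties worth reviewing."""
    report = {"by_protocol": {}, "non_aead": [], "static_rsa": [], "no_ephemeral": []}
    for c in expand(cipher_string):
        name, kea = c["name"], c.get("kea") or ""
        report["by_protocol"].setdefault(c["protocol"], []).append(name)
        if not c.get("aead"):
            report["non_aead"].append(name)      # CBC or stream cipher with a separate HMAC
        if kea == "kx-rsa":
            report["static_rsa"].append(name)    # RSA key transport, no forward secrecy
        # TLS 1.3 suites report "kx-any"; their key exchange is always ephemeral.
        if c["protocol"] != "TLSv1.3" and "dhe" not in kea:
            report["no_ephemeral"].append(name)  # e.g. plain PSK or static RSA
    return report


if __name__ == "__main__":
    result = audit(POSTED)
    for proto, suites in sorted(result["by_protocol"].items()):
        print(proto, len(suites))
        for suite in suites:
            print("   ", suite)
    for key in ("non_aead", "static_rsa", "no_ephemeral"):
        print(key, result[key])
    print("removed from plain HIGH:", len(names("HIGH") - names(POSTED)))
```

Any suite listed under `no_ephemeral` is one the string does not exclude on that build and is worth reviewing before deployment.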