TMCsw 123 Posted March 21 Share Posted March 21 As subject say’s because I’d like to disable TLSv1.2 in my reverse proxy for security reasons. I remember reading a post quite while back the there were some clients that don’t but I can’t find that post at the moment. If not is there a list of clients that don’t yet support 1.3 ? As all main browsers have done so for a while now.. TLS1.3 caniuse.com Link to comment Share on other sites More sharing options...
Luke 37272 Posted March 21 Share Posted March 21 Hi, for the most part this is deferred to device and operating system support, so it's really just hard to say. I would say generally speaking the older your client devices are, the more likely you're going to have trouble trying to disable TLS 1.2. 1 Link to comment Share on other sites More sharing options...
TMCsw 123 Posted March 21 Author Share Posted March 21 Okay, so I’ll leave it in for now as it’s probably not much of a risk anyway (I just like to run a tight ship) 1 1 Link to comment Share on other sites More sharing options...
rbjtech 4342 Posted March 22 Share Posted March 22 (edited) Currently, there is zero reason to disabled TLS 1.2 - but what you should do is remove/restrict the less secure algorithms/ciphers that it can use. If you want an A+ on Qualys/SSL Labs - then you'll need to disable them anyway (along with all the other requirements obviously - HSTS, CAA etc) TLS 1.0 and 1.1 - of course, this should have been disabled years ago.. https://www.ssllabs.com/ssltest/ Edited March 22 by rbjtech Link to comment Share on other sites More sharing options...
Lessaj 83 Posted March 22 Share Posted March 22 This cipher suite will give you all the highest ciphers for TLS 1.2 and 1.3, no mention of weak ciphers on ssllabs. At least that's my experience with my own setup. SSLCipherSuite HIGH:!MEDIUM:!SSLv3:!kRSA:!SHA1:!SHA256:!SHA384:!DSS:!aNULL Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now