Mailinglist Archive: opensuse (1355 mails)

Re: [opensuse] Re: opensuse sites *appear* not to be following recommended TLS settings.
On 2018-06-24 23:38, L A Walsh wrote:
> Andrew Colvin wrote:
>> TLS1.0 and 1.1 are deprecated
>
> 1) Where do you see that TLS1.1 is deprecated?  I see
> that for TLS1.0 but not 1.1.  Nevertheless, TLS1.2 is available.
>
>> and most websites have them turned off for
>> security reasons the same as SSL version.  The old browser may also
>> not be able to negotiate with the SHA2 certs as SHA1 is also past its
>> life and most browsers and sites no longer support so if your browser
>> cannot handle SHA2 then you will not connect.  Additionally you may
>> have old cipher support only and many of these are disabled on the
>> servers for the health of the server.
>
> Those are all fine and good if they were true.  But no other sites
> that I have found have problems with my security
> ciphers or hashes.  Of *KEY* importance here is that one of the
> main reasons for moving sites to "https", was the insistence of
> Google for "https everywhere".  One would think that one or many
> of their sites would fail in the same way if my browser didn't support
> new enough algorithms.  The fact that they don't -- and it is Google
> that is pushing for this security, AND the fact that other sites
> like my bank, credit-card, private-health and commerce sites don't
> have a problem with my browser.  If they thought it was a security
> risk, wouldn't they be among the first to implement changes?

Security and banks is an oxymoron.

My bank uses a 4 digit numeric pin on its web page.

Banks keep using old systems because of cost of change and tradition.
See the bank software crash in the UK a month or two ago as an example.

Cheers / Saludos,

Carlos E. R.
(from 42.3 x86_64 "Malachite" at Telcontar)
