On 2018-06-24 23:38, L A Walsh wrote:
Andrew Colvin wrote:
TLS1.0 and 1.1 are depricated
1) Where do you see that TLS1.1 is deprecated? I see that for TLS1l.0 but not 1.1. Nevertheless, TLS1.2 is available.
and most websites have them turned off for
security reasons the same as SSL version. The old browser may also not be ale to negotiate with the SHA2 certs as SHA1 is also past it life and most browsers and sites no longer support so if your browser cannot handle SHA2 then you will not connect. Aditionally you may have old cipher support only and many of these are disabled on the servers for the health of the server.
Those are all fine and good if they were true. But no other sites that I have found have problems with my security ciphers or hashes. Of *KEY* importance here is that one of the main reasons for moving sites to "https", was the insistence of Google for "https everywhere". One would think that one or many of their sites would fail in the same way if my browser didn't support new enough algorithms. The fact that they don't -- and it is google that is pushing for this security, AND the fact that other sites like my bank, credit-card, private-health and commerce sites don't have a problem with my browser. If they thought it was a security risk, wouldn't they be among the first to implement changes?
Security and banks is an oxymoron. My bank uses a 4 digit numeric pin on its web page. Banks keep using old systems because of cost of change and tradition. See the bank software crash in the UK a month or two ago as an example. -- Cheers / Saludos, Carlos E. R. (from 42.3 x86_64 "Malachite" at Telcontar)