Sunday, January 22, 2023

Deprecated SSL/TLS version warning from NIC-CERT - action taken on Cloudflare

Copy-pasting from an email exchange after one of our institutions received an email saying that some/all of their domains had deprecated versions of TLS:

There are pros and cons for disabling these.

1. You can see which clients will be affected by looking at the last answer at

2. If you log in to your Cloudflare dashboard, click on your domain, then SSL/TLS --> Overview in the left-hand pane, you can find the percentage of users still using TLS 1.0 etc.

3. The security risk is that the users who use TLS 1.0 etc. have a finite risk of being tricked into going to some other site masquerading as our site, since the certificate is vulnerable, which then steals the data they send to our site. Example attacks are at
https://www.acunetix.com/blog/articles/tls-vulnerabilities-attacks-final-part/

4. If you want to disable TLS 1.0 and 1.1, you can do it from your Cloudflare dashboard: click on the relevant website, go to SSL/TLS --> Edge Certificates, and set the minimum TLS version to 1.2.
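
The questions in points 1 and 2 (which clients would be cut off, and what share of traffic they are) can also be answered from your own request logs before raising the minimum version. The sketch below is an added example, not part of the original email: it assumes logs exported as one JSON object per line with Cloudflare Logpush's `ClientSSLProtocol` and `ClientRequestUserAgent` fields and protocol values written like `TLSv1.2`; the function name and all sample records are constructed.

```python
import json
from collections import Counter

ORDER = ["TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]  # oldest to newest

# Constructed sample records (not real traffic); the protocol spelling is an assumption.
ROWS = [
    ("TLSv1.3", "Mozilla/5.0 (X11; Linux x86_64) Firefox/109.0"),
    ("TLSv1.3", "Mozilla/5.0 (X11; Linux x86_64) Firefox/109.0"),
    ("TLSv1.3", "Mozilla/5.0 (Windows NT 10.0) Chrome/109.0"),
    ("TLSv1.3", "Mozilla/5.0 (Windows NT 10.0) Chrome/109.0"),
    ("TLSv1.2", "curl/7.58.0"),
    ("TLSv1.2", "curl/7.58.0"),
    ("TLSv1", "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)"),
    ("TLSv1.1", "Dalvik/1.6.0 (Linux; U; Android 4.3)"),
    ("none", "healthcheck/1.0"),  # plain HTTP request, no TLS involved
]
SAMPLE_LOG = [json.dumps({"ClientSSLProtocol": p, "ClientRequestUserAgent": ua})
              for p, ua in ROWS]
SAMPLE_LOG.append('{"ClientSSLProtocol": "TLSv1.2", "ClientRequ')  # truncated line

def tls_usage(lines, minimum="TLSv1.2"):
    """Return (percent of TLS requests per protocol, user agents below `minimum`)."""
    floor = ORDER.index(minimum)
    protocols, affected = Counter(), Counter()
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip empty, truncated or malformed records
        if not isinstance(rec, dict):
            continue
        proto = rec.get("ClientSSLProtocol")
        if proto not in ORDER:
            continue  # "none" or an unknown value: not counted as TLS traffic
        protocols[proto] += 1
        if ORDER.index(proto) < floor:
            # These clients would fail the handshake once `minimum` is enforced.
            affected[rec.get("ClientRequestUserAgent") or "(no user agent)"] += 1
    total = sum(protocols.values())
    share = {p: round(100 * n / total, 1) for p, n in protocols.items()}
    return share, affected

if __name__ == "__main__":
    share, affected = tls_usage(SAMPLE_LOG)
    print("share of TLS requests (%):", share)
    for ua, n in affected.most_common():
        print(f"would be blocked: {n} request(s) from {ua}")
```
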
 
 

They have now moved to a higher min TLS version.

