Re: [TLS] TLS 1.0

Ilari Liusvaara <ilariliusvaara@welho.com> Tue, 09 January 2018 19:48 UTC

Return-Path: <ilariliusvaara@welho.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C89812D77A for <tls@ietfa.amsl.com>; Tue, 9 Jan 2018 11:48:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.404
X-Spam-Level:
X-Spam-Status: No, score=-0.404 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SUBJ_ALL_CAPS=1.506, T_RP_MATCHES_RCVD=-0.01] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M2EAGspZQoF8 for <tls@ietfa.amsl.com>; Tue, 9 Jan 2018 11:48:34 -0800 (PST)
Received: from welho-filter1.welho.com (welho-filter1.welho.com [83.102.41.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7BFA912D7EC for <tls@ietf.org>; Tue, 9 Jan 2018 11:48:33 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by welho-filter1.welho.com (Postfix) with ESMTP id B346453D1B; Tue, 9 Jan 2018 21:48:31 +0200 (EET)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp3.welho.com ([IPv6:::ffff:83.102.41.86]) by localhost (welho-filter1.welho.com [::ffff:83.102.41.23]) (amavisd-new, port 10024) with ESMTP id F7rVtGxHgSYO; Tue, 9 Jan 2018 21:48:31 +0200 (EET)
Received: from LK-Perkele-VII (87-92-19-27.bb.dnainternet.fi [87.92.19.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by welho-smtp3.welho.com (Postfix) with ESMTPSA id 67EBD2308; Tue, 9 Jan 2018 21:48:29 +0200 (EET)
Date: Tue, 9 Jan 2018 21:48:29 +0200
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Jason Mitchell <jmitchell@ticketsauce.com>
Cc: tls@ietf.org
Message-ID: <20180109194829.GA31961@LK-Perkele-VII>
References: <CA+MNyUHGa+=Hgae4OSAn3UJ49_SeFZy2j+PRz71asJ4oDBFNow@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <CA+MNyUHGa+=Hgae4OSAn3UJ49_SeFZy2j+PRz71asJ4oDBFNow@mail.gmail.com>
User-Agent: Mutt/1.9.2 (2017-12-15)
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ViKOLdPxsOAKwOleCl-YL-iOVG0>
Subject: Re: [TLS] TLS 1.0
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jan 2018 19:48:36 -0000

On Tue, Jan 09, 2018 at 08:52:25AM -0800, Jason Mitchell wrote:
>  Hello,
> 
> I'm actually looking for a list of browsers that still support TLS 1.0.
> Any information that you can provide would be greatly appreciated.

I think all browsers (outside some research stuff) support TLS 1.0.
After all, TLS 1.0 is still the most widely implemented TLS version
in the web serverside (TLS 1.2 is projected to overtake it in a few
months).

Basically, not supporting TLS 1.0 would cause horrible failure rates
(and this also goes for some other very broken stuff like static RSA).


This certainly includes the newest versions of (the full list would be
pretty much the same as list of browsers):

- Firefox (and its derivates)
- Chrome (and Chromium)
- Internet Explorer
- Opera
- Edge
- Safari
- Konqueror

And many lesser-known browsers.


On the positive side, even semi-recent versions of all the listed
browsers do support TLS 1.2.


(Debian unstable a few months ago was such that if you installed
Konqueror from the repository, TLS 1.0 was hard-disabled in it).


-Ilari