Showing posts from July, 2021

Secure Cipher Suites and TLS

  TLS As of writing (July 2021), there is really only one widely supported, secure protocol for establishing secure communications on the Internet -- TLS 1.2.  Even Microsoft which has a history of supporting legacy items (looking at you Internet Explorer) is deprecating TLS 1.0 and TLS 1.1  in many of its products (and in some cases outright disabling). And just in case it wasn't clear, all versions of SSL are insecure as well. Fully updated installs of  Windows 10  and  macOS , unfortunately, still leave TLS 1.0 enabled for client and server connections. Chrome, Safari, Firefox, and Edge dropped support for anything less than TLS 1.2 a while back now . If you're using an up-to-date version of one of those browsers you are good-to-go there (note this doesn't mean other applications on your system won't use TLS 1.0/1.1). Vendors are currently working on adoption and I hope that very soon TLS 1.3 will replace TLS 1.2. Cloudflare has a fantastic blog post  on TLS 1.3 cove