Skip to main content

I've asked it in a poll in 8/2021 at Mastodon.technology, now it's time for a refresher: To improve #security I finally consider to really drop support for #TLS 1.0/1.1 (see blog.qualys.com/product-tech/2… and e.g. ssllabs.com/ssltest/analyze.ht…). This basically would affect devices running Android < 4.4. As I do not want to lock anybody out, I'd like to see how many of you would this effect.

🇩🇪 Noch wer mit Android < 4.4 unterwegs und somit auf TLS 1.0/1.1 angewiesen (1. ja, 2. macht nix, 3. nein)?

So:


SSL Labs Grade Change for TLS 1.0 and TLS 1.1 Protocols | Qualys Security Blog

Update 1/31/2020: The grade change is now live on www.ssllabs.com. Servers that support TLS 1.0 or TLS 1.1 are capped to B grade. Update 1/16/2020: The grade change is now live on the development…
Qualys Security Blog

  • I still use such a device and need compatibility (1%, 4 votes)
  • I still use such a device but wouldn't mind (6%, 21 votes)
  • I don't care (92%, 320 votes)
345 voters. Poll end: 1 year ago

#security #tls

IzzyOnDroid ✅ reshared this.

Unknown parent

IzzyOnDroid ✅
IzzyOnDroid ✅

@stevelord This has nothing to do with APKs, it's about my websites. And some of those are on topics around Android, visited by many folks with mobile devices.

TLS 1.0/1.1 have been deprecated around 2018. TLS 1.1 was implemented with Android 4.4.2. Older devices don't support it out-of-the-box, but app developers can integrate a library for that.

So the question is really just about 1) website visitors and 2) access to my F-Droid repo from Android devices. Not about the APKs provided there.

@Steve Lord
in reply to IzzyOnDroid ✅

🛡 TheRealSamsy
🛡 TheRealSamsy
the 1% kills me.
in reply to 🛡 TheRealSamsy

IzzyOnDroid ✅
IzzyOnDroid ✅

@samsy well, Kitkat was released when? 10/2013. That 1% must be using something before that, i.e. JellyBean (4.3: 7/2013) or older. Those devices are at least 10 years old and haven't seen any security updates in ages. They should better not be connected to the Internet any more at all (no blaming).

I have one such device still in use here, but just as a night stand (a 2010 Motorola Milestone 2, thanks to CM running Kitkat). Don't use that for network stuff, just clock & alarm.

@🛡 TheRealSamsy
in reply to IzzyOnDroid ✅

IzzyOnDroid ✅
IzzyOnDroid ✅
Wow, cannot boost the same post twice ("already exists")? OK, then a reminder to put in your vote ☝️ Poll ends in 1.5 days…
in reply to IzzyOnDroid ✅

alcinnz
alcinnz
The inability to reboost appears to be due to the lag routing posts which has repeatedly surfaced since the Twitter fiasco.
in reply to IzzyOnDroid ✅

Buntbart
Buntbart
Doesn't exactly look like a neck-and-neck race.
in reply to Buntbart

IzzyOnDroid ✅
IzzyOnDroid ✅
@oausi no, doesn't. I wait for the tail to disappear so I can turn the old stuff off 🙊 Honestly, I boost to make the results more representative due to more votes. I state I didn't want to leave anyone behind – so if it's just 1..2 people, I'd ask to contact me personally to see if we can sort it out. I at least want to see if I can offer some work-around then – but I cannot carry along those old protocols forever. Yes, I was hoping for a zero there…
@Buntbart
in reply to Nordnick

IzzyOnDroid ✅
IzzyOnDroid ✅
@nick Tried that (toggling the boost button twice). It complained that… WTF, guess it just meant I should wait for some of the "routing posts" @alcinnz mentioned. I just tried again and it worked. Thanks to both of you! Without your comments I wouldn't have tried again 🙈
@alcinnz @Nordnick
in reply to IzzyOnDroid ✅

Tek say resist
Tek say resist
I support only 1.2+ to enhance the security of the other 99.9% of users.
Unknown parent

IzzyOnDroid ✅
IzzyOnDroid ✅
@iameru It's just about my servers. I do not have the powers to remove it "everywhere". But I want to provide the best security I can manage – so removing of deprecated old TLS versions is one thing on my todo list, yes. Ideally without locking anyone out.
@iameru
Unknown parent

IzzyOnDroid ✅
IzzyOnDroid ✅
@iameru In a way yes. With the difference that that's no security issue. And honestly: humans can remember their home network addresses all start with e.g. 192.168.1. and their router probably has the 1 (and their main PC the 2) appended – but did you even remember a single IPv6 address?
@iameru
in reply to IzzyOnDroid ✅

IzzyOnDroid ✅
IzzyOnDroid ✅

🇩🇪 OK, keine große Mehrheit für die Beibehaltung von TLS 1.0/1.1, wie es scheint. Vielleicht können sich die 2-4 Betroffenen (~1% von 345) ja kurz melden, ob sich eine Lösung für Euch finden ließe? Wer sich nicht "öffentlich outen" möchte, auch gern per DM.

🇺🇸 obviously no big majority to keep TLS 1.0/1.1. Maybe the 2..4 people affected (~1% of 345) could contact me to see if there's a solution for them? DM of course OK if you don't want to "go public".

in reply to IzzyOnDroid ✅

Radasbona
Radasbona

wir haben Tatsache noch ein Tablett mit Android 4.0.3 rumliegen. 😇
Filme für die Kids auf längeren Autofahrten, Italien & Co...

Größtenteils offline Betrieb. Nur falls du dich fragst wie so alte Geräte noch benutzt in Betrieb sein können.😁

in reply to Radasbona

IzzyOnDroid ✅
IzzyOnDroid ✅
@radasbona Ja, so eins ist bei mir auch noch im Einsatz, komplett offline, nur als eBook-Readr. Bestückung via USB – das sollte auch für Filme funktionieren. Mein ältestes Gerät ist von 2010, hat aber Dank CyanogenMod noch Android 4.4 bekommen. Die Tabbis mit 4.1/4.2 habe ich eigentlich so gut wie nie im Einsatz, mein "Lesebuch" hat Android 5.1.
@Radasbona