mastodon - Link to source

I've asked it in a poll in 8/2021 at Mastodon.technology, now it's time for a refresher: To improve #security I finally consider to really drop support for #TLS 1.0/1.1 (see blog.qualys.com/product-tech/2… and e.g. ssllabs.com/ssltest/analyze.ht…). This basically would affect devices running Android < 4.4. As I do not want to lock anybody out, I'd like to see how many of you would this effect.

🇩🇪 Noch wer mit Android < 4.4 unterwegs und somit auf TLS 1.0/1.1 angewiesen (1. ja, 2. macht nix, 3. nein)?

So:


SSL Labs Grade Change for TLS 1.0 and TLS 1.1 Protocols | Qualys Security Blog

Update 1/31/2020: The grade change is now live on www.ssllabs.com. Servers that support TLS 1.0 or TLS 1.1 are capped to B grade. Update 1/16/2020: The grade change is now live on the development…
Qualys Security Blog

  • I still use such a device and need compatibility (1%, 4 votes)
  • I still use such a device but wouldn't mind (6%, 21 votes)
  • I don't care (92%, 320 votes)
345 voters. Poll end: 2 years ago

#security #tls

IzzyOnDroid ✅ reshared this.

Unknown parent

mastodon - Link to source

IzzyOnDroid ✅

@stevelord This has nothing to do with APKs, it's about my websites. And some of those are on topics around Android, visited by many folks with mobile devices.

TLS 1.0/1.1 have been deprecated around 2018. TLS 1.1 was implemented with Android 4.4.2. Older devices don't support it out-of-the-box, but app developers can integrate a library for that.

So the question is really just about 1) website visitors and 2) access to my F-Droid repo from Android devices. Not about the APKs provided there.

@Steve Lord
in reply to 🛡 TheRealSamsy

mastodon - Link to source

IzzyOnDroid ✅

@samsy well, Kitkat was released when? 10/2013. That 1% must be using something before that, i.e. JellyBean (4.3: 7/2013) or older. Those devices are at least 10 years old and haven't seen any security updates in ages. They should better not be connected to the Internet any more at all (no blaming).

I have one such device still in use here, but just as a night stand (a 2010 Motorola Milestone 2, thanks to CM running Kitkat). Don't use that for network stuff, just clock & alarm.

@🛡 TheRealSamsy
in reply to Buntbart

mastodon - Link to source

IzzyOnDroid ✅

@oausi no, doesn't. I wait for the tail to disappear so I can turn the old stuff off 🙊 Honestly, I boost to make the results more representative due to more votes. I state I didn't want to leave anyone behind – so if it's just 1..2 people, I'd ask to contact me personally to see if we can sort it out. I at least want to see if I can offer some work-around then – but I cannot carry along those old protocols forever. Yes, I was hoping for a zero there…
@Buntbart
Unknown parent

mastodon - Link to source

IzzyOnDroid ✅

@iameru In a way yes. With the difference that that's no security issue. And honestly: humans can remember their home network addresses all start with e.g. 192.168.1. and their router probably has the 1 (and their main PC the 2) appended – but did you even remember a single IPv6 address?
@iameru
in reply to IzzyOnDroid ✅

mastodon - Link to source

IzzyOnDroid ✅

🇩🇪 OK, keine große Mehrheit für die Beibehaltung von TLS 1.0/1.1, wie es scheint. Vielleicht können sich die 2-4 Betroffenen (~1% von 345) ja kurz melden, ob sich eine Lösung für Euch finden ließe? Wer sich nicht "öffentlich outen" möchte, auch gern per DM.

🇺🇸 obviously no big majority to keep TLS 1.0/1.1. Maybe the 2..4 people affected (~1% of 345) could contact me to see if there's a solution for them? DM of course OK if you don't want to "go public".