Drop support to TLS 1.0, 1.1

Discussion in 'Developers' Forum' started by ahrasis, Oct 17, 2018.

  1. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Dropping support for these protocols right now might be an issue especially for companies as these do not install bleeding edge versions of browsers and there are probably many devices like phones or tablets which do not get updates will not be able to visit sites hosted on that server anymore, so web users won't be happy with such a move. When browsers drop support for these protocols, then it should be fine when the server still offers them, the browser just won't use the older protocol. But in the end, the administrator of the server can decide that for his system, maybe we can make it easier to set the allowed protocols by making them configurable in the UI though.

    In regard to TLS 1.3, we should add it when the Linux distribution where ISPConfig is installed on supports it. There are some really old Distributions like CentOS 6 which have still LTS support. So what we probably need is to add some code that detects which TLS versions are supported by the OS.
    ahrasis likes this.

Share This Page