Chris's Wiki :: blog/web/FirefoxOldTLSWarning Commentshttps://utcc.utoronto.ca/~cks/space/blog/web/FirefoxOldTLSWarning?atomcommentsDWiki2020-05-03T14:48:39ZRecent comments in Chris's Wiki :: blog/web/FirefoxOldTLSWarning.By James on /blog/web/FirefoxOldTLSWarningtag:CSpace:blog/web/FirefoxOldTLSWarning:efb0727f25a06c178365495006412626c793745eJames<div class="wikitext"><p>Keeping an old browser around for accessing out-of-date systems is a pretty common thing for a sysadmin to do.</p>
</div>2020-05-03T14:48:39ZBy Carsten on /blog/web/FirefoxOldTLSWarningtag:CSpace:blog/web/FirefoxOldTLSWarning:b47a065f5b1ea1b08cec23a8a102b0cdeb375dc9Carstenhttps://blog.defaultroutes.de<div class="wikitext"><p>One solution for legacy systems would be to place a reverse TLS web-proxy in front of the legacy system that talks TLS 1.0 to the old system and modern TLS 1.3 to the browser. nginx can do this, but also something simple like stunnel would work.</p>
<p>It also works the other way, accessing modern TLS enabled server from legacy client software (but be aware of the security risks of using legacy software in the Internet)</p>
</div>2020-04-26T18:53:39ZBy sapphirepaw on /blog/web/FirefoxOldTLSWarningtag:CSpace:blog/web/FirefoxOldTLSWarning:fd42089a197d7fbbb0a3cb47cd28333337f40263sapphirepawhttps://keybase.io/sapphirepaw<div class="wikitext"><p>The plan was announced with approximately 2 years planned: <a href="https://www.ghacks.net/2018/10/16/all-major-browsers-drop-tls-1-0-and-1-1-in-2020/">All major browsers [to] drop TLS 1.0 and 1.1 in 2020</a></p>
<p>Mozilla postponed their initial plan to drop it in Firefox 74; at the time of writing, the <a href="https://www.fxsitecompat.dev/en-CA/docs/2020/tls-1-0-1-1-support-has-been-removed/">current site compatibility note</a> indicates a plan to leave it enabled through Firefox 77 at minimum.</p>
<p>Chrome currently <a href="https://www.chromestatus.com/feature/5759116003770368">plans for removal in Chrome 84</a>.</p>
<p>I realize this doesn't really help. It's more like the Vogon saying over the PA system, "All the planning charts and demolition orders have been on display in your local planning department in Alpha Centauri for fifty of your Earth years…" But I hope it's informative, at least.</p>
</div>2020-04-25T15:26:27ZFrom 157.52.7.136 on /blog/web/FirefoxOldTLSWarningtag:CSpace:blog/web/FirefoxOldTLSWarning:e3b54d1ecfb6787a9dcf7bc76357bafd3848b710From 157.52.7.136<div class="wikitext"><blockquote><p><em>TLS 1.0 and TLS 1.1 will be permanently disabled in a future release.</em></p>
</blockquote>
<p>I certainly hope not. We have a lot long-term (embedded) legacy systems (e.g., HVAC) that will probably not be getting updates any time soon. I guess one option would be to have a stand-alone / portable instances just for that.</p>
</div>2020-04-25T11:06:05Z