caniuse.com only supports TLS 1.0, unsafe RC4, only supports weak cipher suites

Created on 14 Apr 2018  路  11Comments  路  Source: Fyrd/caniuse

The Can I Use webserver only support TLS 1.0, allows RC4 cipher suites, and only supports extremely weak cipher suites.

TLS 1.0 and even 1.1 are being deprecated at this point, and RC4 cipher suites have been known unsafe for years and the IETF themselves proposed their prohitibition in 2015.

Please at the minimum support TLS 1.2/1.1 and disable RC4 suites.

Recommend only allowing TLS 1.2, and AEAD cipher suites.

Misc. sitdata request
Source
picture ATI-RV350
👍14

Most helpful comment

Alright folks, TLS 1.2 supported and an "A+" on SSL Labs now 鈽猴笍

picture Fyrd on 21 Oct 2018
🎉32

All 11 comments

+1

Test: https://www.ssllabs.com/ssltest/analyze.html?d=caniuse.com&hideResults=on

Schweinepriester picture Schweinepriester on 16 Apr 2018
👍1

Test: https://www.ssllabs.com/ssltest/analyze.html?d=caniuse.com&hideResults=on

C rating. That's indeed weak.

304NotModified picture 304NotModified on 17 Apr 2018
👍1

Any news? Anything we can help? Note that TLS 1.3 has finally made it to RFC 8446.

FranklinYu picture FranklinYu on 14 Aug 2018

Still C rating unfortunately (https://www.ssllabs.com/ssltest/analyze.html?d=caniuse.com&hideResults=on)

Summary:

image

image

image

304NotModified picture 304NotModified on 14 Aug 2018
👍1

Any update on this? There really is no excuse not to have TLS 1.2 enabled at this point. There is already an IETF draft to disable TLS 1.0. Please enable TLS 1.2.

kroeckx picture kroeckx on 5 Sep 2018
👍4

Four browser engines announced a schedule for removal of TLS 1.0 and 1.1:
https://blog.mozilla.org/security/2018/10/15/removing-old-versions-of-tls/
https://security.googleblog.com/2018/10/modernizing-transport-security.html
https://blogs.windows.com/msedgedev/2018/10/15/modernizing-tls-edge-ie11/
https://webkit.org/blog/8462/deprecation-of-legacy-tls-1-0-and-1-1-versions/

dbaron picture dbaron on 16 Oct 2018
👍3

bump @Fyrd

304NotModified picture 304NotModified on 16 Oct 2018

Working on it. Hope to have it updated by the end of the month.

Fyrd picture Fyrd on 17 Oct 2018
👍5

Alright folks, TLS 1.2 supported and an "A+" on SSL Labs now 鈽猴笍

Fyrd picture Fyrd on 21 Oct 2018
🎉32

Can confirm.

  • [x] 4096-bit certificate (default of certbot is 2048-bit)
  • [x] 4096-bit Diffie-Hellman (anything equal to or higher than 2048 is good)
  • [x] No RSA as key-exchange algorithm, so all ciphers support Perfect Forward Secrecy.
  • [x] EDCHE (to save computation for both browser and server)
  • [x] No TLS 1.0 (PCI Compliance)

This is outstanding.

FranklinYu picture FranklinYu on 21 Oct 2018
3

Funny, SSL labs crashes on me. Not sure if this is an issue of SSL labs:

try 1:

image

try 2:

image

update: caniuse.com is down/unstable.

304NotModified picture 304NotModified on 23 Oct 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

valioDOTch picture valioDOTch  路  3Comments
36degrees picture 36degrees  路  3Comments
Fyrd picture Fyrd  路  3Comments
rogeriotaques picture rogeriotaques  路  3Comments
myfonj picture myfonj  路  3Comments