- cross-posted to:
- main@sh.itjust.works
- cross-posted to:
- main@sh.itjust.works
You must log in or # to comment.
What about TLS 1.2?
Should still be good for now
Not really, here’s why:
- weak ciphers
- SCSV (protocol fallback)
That’s why I didn’t go for that thankless job.
I’ll take a look at our configs tomorrow 👍
Were we outdated? I see we’re using TLS 1.3 right now, and at least the certificate was last created/renewed before this post (created July 16, post on Aug 6). I know that’s not really a metric, but my browser at least has the minimum TLS version set to 3, so I would absolutely have noticed if SJW used anything older.
I guess it’s possible we allowed older TLS versions, but at least the version I’m connecting with is completely fine.