Where can I enable older TLS versions?
-
I'm looking for the Vivaldi equivalent of this:
Where can I find it?
Thanks in advance!
<i>"... Manners maketh man..."</i>
-
๐ปVolunteer helper ยท Forum moderator ยท Sopranos tester ๐ ๏ธTroubleshooting ๐Report a bug ๐Markdown help
๐ฆ"With a rubber duck, one's never alone" -Douglas Adams๐ฆ -
@dannii FYI TLS 1.2 (3,3) is the oldest supported version now, there is no flags able to enable the older ones. The reason is that those older versions are too unsecure.
The code for those older versions were removed over a year ago.
Developer and Security Expert at Vivaldi.
-
@Pathduck Thank you! !Will look into ti!
-
@yngve Hello! Ah darn! I need it to test and troubleshoot a very old internal network that does not allow any older versions.
Should I just present a Feature request that we can fully control which versions at the user's risk, like in FF? This would help to maintain a "user owns software" aspect, in contrast to the Apple-esque walled garden non-option of "we removed this because it's not good for you".
Would love to hear your thoughts!
-
@dannii I am not sure, but IIRC even current versions of OpenSSL has removed support for TLS 1.1 and below.
We are not going to reintroduce TLS 1.1 or earlier. Full stop.
It is just too dangerous. Potential (or existing) downgrade attacks can force clients to use a vulnerable protocol version supported by some server, and you would never be able to tell.
The internal network should be updated to modern server software instead.
Let me put it this way: TLS 1.1 was introduced in 2006, TLS 1.0 in 1999; TLS 1.2 was introduced in 2008. This means that any server software that uses TLS 1.1 is at least 16 years old. If it uses TLS 1.0 it might be up to 25 years old.
The only way to troubleshoot something like that is to replace the software with something more modern.
-
@yngve Fair enough! And thanks for the breakdown!
