Support for TLS 1.0 and 1.1

About this bulletin board and the Pale Moon website

Moderators: FranklinDM, Lootyhoof

Post Reply
User avatar
Admin
Site Admin
Site Admin
Posts: 297
Joined: 2012-05-17, 19:06

Support for TLS 1.0 and 1.1

Post by Admin » 2019-10-18, 10:49

We'll be removing support for TLS 1.0 and 1.1 on the forum soon. This is in line with the general recommendation of standards bodies and will prevent the forum from being penalized (e.g. by search engines) in the near future.

Background: TLS 1.2 has been a standard for a long time and has been supported by all current browsers for years (Chrome 30+, Firefox 27+, Pale Moon 24.3.2+, MSIE 10/11 (depending on operating system), Safari 7+). It is considerably more secure than TLS 1.0 and 1.1, and has been a strong recommendation in the descriptions of those protocols.

This should not impact anyone with some semblance of responsible browser/Internet use.
Did you know that moral outrage triggers the pleasure centers of the brain? It's unlikely you can actually get addicted to outrage, but there is plausible evidence that you can become strongly predisposed to it.
Source: https://www.bbc.co.uk/programmes/p002w557/episodes/downloads - "The cooperative species" and "Behaving better online"

bgstack15
Moonbather
Moonbather
Posts: 69
Joined: 2018-01-22, 23:04

Re: Support for TLS 1.0 and 1.1

Post by bgstack15 » 2019-10-31, 12:59

Thanks for the heads up! I don't expect my client browsers to have any problems, but should something happen, I will think of this change first.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 26667
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E
Contact:

Re: Support for TLS 1.0 and 1.1

Post by Moonchild » 2020-02-12, 12:08

We've applied this policy to all cloudflare-backed parts of palemoon.org as well now. If you are on a very old browser (including IE8-10 on Win 7) then you can still access the website over http for downloads, but https will require at least IE11 or other TLS 1.2 supporting browsers.
Our practical usage figures of TLS 1.0 and 1.1 through cloudflare justified this (only 0.3% of requests would be using 1.0 or 1.1 at this point, which are likely all bots/scripts anyway)
"There will be times when the position you advocate, no matter how well framed and supported, will not be accepted by the public simply because you are who you are." -- Merrill Rose
Image

Post Reply