• FOSS Is Fun@lemmy.ml
    link
    fedilink
    English
    arrow-up
    10
    ·
    edit-2
    11 months ago

    Actually it is the same story with TLS 1.3 and TLS 1.2. A bunch of sites still doesn’t support TLS 1.3 (e. g. arstechnica.com, startpage.com) and some of them only support TLS 1.2 with RSA (e. g. startpage.com).

    You can try this yourself in Firefox by disabling ciphers (search for security.ssl3 in about:config) or by setting the minimum TLS version to 1.3 (security.tls.version.min = 4 in about:config).

    • deepdive@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      11 months ago

      Strange enough TLS 1.3 still doesn’t support signed ed25519 certificates :| P‐256, NIST P‐384 or NIST P‐521 curves are known to be “backdoored” or having deliberately chosen mathematical weakness. I’m not an expert and just a noob security/selfhoster enthusiast but I don’t want to depend on curves made by NSA or other spy agencies !

      I also wondering if the EU isn’t going to implement something similar with all their new spying laws currently discussed…