On 13.09.2013 11:45, Darren Pilgrim wrote:
On 9/11/2013 3:52 PM, Reindl Harald wrote:
and that is why i said most widely used does not
RHEL5: openssl-0.9.8e
RHEL6: openssl-1.0.0
Fedora 17: openssl-1.0.0k
Fedora 18: openssl-1.0.1e
RHEL with outdated software bundled? You don't say. ;)
bulls** - google for LTS
Let's look at the rest of the world:
Firefox and Thunderbird currently ship with TLS 1.1/1.2 support, but not enabled by default
so it is not relevant
Mozilla is still working on automatic fallback to SSLv3/TLSv1.0.
off-topic in context of the threads subject
Firefox 24 supposedly has ability and will enable TLS 1.1 and 1.2 by default.
does not help much
On Windows 7, 8, 2008R2 and 2012, the schannel libraries support TLS 1.1 and 1.2. Versions of IE, Office, IIS, Exchange, SQL Server et al dating to as early as 2010 or so use those schannel library versions. IE 11 should have TLS 1.1 and 1.2 enabled by default. One nice thing: IE 10 will report the TLS version in the page properties. For example, Google's front page gives "TLS 1.2, AES with 128 bit encryption (High); ECDH_P256 with 256 bit exchange".
as long as the support for Windows XP is active and it comes to business you have to support it - period
With Apple, the SecureTransport libraries since 2011 or so support TLS 1.1 and 1.2. That should include iOS 5 and 6 and OS X 10.6+. Version info is hard to find for Apple software, so my apologies if the version alignment isn't correct. Safari has TLS 1.1 and 1.2 enabled by default.
that must be the reason for not using it with Apple Mail i guess
so you need to distinguish between theory and real life

Anonymous TLS connection established from ****: TLSv1 with cipher AES128-SHA (128/128 bits)

and yes postfix logs the TLS version as well
the machine in question supports TLS1.2

Anonymous TLS connection established from ****: TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Other things that support TLS 1.1+:
- Google servers
- Cloudflare
- Chrome
- GnuTLS
- Java SSE
fine but what helps 1.1 in case someone asks how to disable it - read the subject
I'm not sure we can agree on what comprises the "most widely used" case or even at what point we can say TLS 1.1+ is "well supported"; but the above is at least a good start
it's not well supported
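
Added example, not part of the thread: one way to see what clients really negotiate is to tally the protocol versions in Postfix smtpd lines of the form quoted above. The sample log lines, host names and addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the format quoted in the thread (hosts are placeholders).
SAMPLE_LOG = """\
Sep 13 11:40:02 mx postfix/smtpd[2101]: Anonymous TLS connection established from client-a.example[192.0.2.10]: TLSv1 with cipher AES128-SHA (128/128 bits)
Sep 13 11:41:17 mx postfix/smtpd[2104]: Anonymous TLS connection established from client-b.example[192.0.2.20]: TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Sep 13 11:42:30 mx postfix/smtpd[2107]: Anonymous TLS connection established from client-a.example[192.0.2.10]: TLSv1 with cipher AES128-SHA (128/128 bits)
Sep 13 11:43:05 mx postfix/smtpd[2110]: connect from client-c.example[192.0.2.30]
Sep 13 11:44:48 mx postfix/smtpd[2113]: Trusted TLS connection established from client-d.example[192.0.2.40]: TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)
"""

# Matches the TLS handshake summary line written by smtpd.
TLS_LINE = re.compile(
    r"(?P<trust>\w+) TLS connection established from "
    r"(?P<host>\S+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<proto>\S+) with cipher (?P<cipher>\S+) "
    r"\((?P<used>\d+)/(?P<avail>\d+) bits\)"
)

def tally_tls(log_text):
    """Return (handshakes per protocol, client IPs seen per protocol)."""
    by_proto = Counter()
    clients = defaultdict(set)
    for line in log_text.splitlines():
        m = TLS_LINE.search(line)
        if not m:
            continue  # not a TLS summary line (e.g. plain "connect from")
        by_proto[m["proto"]] += 1
        clients[m["proto"]].add(m["ip"])
    return by_proto, clients

def clients_only_on(clients, proto):
    """Client IPs that were never seen negotiating anything but `proto`."""
    others = set().union(*(ips for p, ips in clients.items() if p != proto))
    return clients.get(proto, set()) - others

if __name__ == "__main__":
    counts, clients = tally_tls(SAMPLE_LOG)
    for proto, n in counts.most_common():
        print(f"{proto}: {n} handshakes from {len(clients[proto])} client(s)")
    print("TLSv1-only clients:", sorted(clients_only_on(clients, "TLSv1")))
```

The clients listed as TLSv1-only are the ones that would be affected by a change to the accepted protocol versions.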