On 9/11/2013 3:52 PM, Reindl Harald wrote:
> and that is why i said most widely used does not
>
> RHEL5: openssl-0.9.8e
> RHEL6: openssl-1.0.0
> Fedora 17: openssl-1.0.0k
> Fedora 18: openssl-1.0.1e
RHEL with outdated software bundled? You don't say. ;)
Let's look at the rest of the world:
Firefox and Thunderbird currently ship with TLS 1.1/1.2 support, but not enabled by default. Mozilla is still working on automatic fallback to SSLv3/TLSv1.0. Firefox 24 supposedly has the ability and will enable TLS 1.1 and 1.2 by default.
On Windows 7, 8, 2008R2 and 2012, the schannel libraries support TLS 1.1 and 1.2. Versions of IE, Office, IIS, Exchange, SQL Server et al dating to as early as 2010 or so use those schannel library versions. IE 11 should have TLS 1.1 and 1.2 enabled by default. One nice thing: IE 10 will report the TLS version in the page properties. For example, Google's front page gives "TLS 1.2, AES with 128 bit encryption (High); ECDH_P256 with 256 bit exchange".
With Apple, the SecureTransport libraries since 2011 or so support TLS 1.1 and 1.2. That should include iOS 5 and 6 and OS X 10.6+. Version info is hard to find for Apple software, so my apologies if the version alignment isn't correct. Safari has TLS 1.1 and 1.2 enabled by default.
Other things that support TLS 1.1+:
- Google servers
- Cloudflare
- Chrome
- GnuTLS
- Java SSE
I'm not sure we can agree on what comprises the "most widely used" case or even at what point we can say TLS 1.1+ is "well supported"; but the above is at least a good start.
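
Added example, not part of the original message: a minimal Python parser that reads the protocol version and cipher suite a server selected from a captured ServerHello, the same information IE 10 shows in its page properties, so an auditor can check whether an endpoint actually negotiates TLS 1.1+. The helper names and the sample bytes are constructed for illustration, and the cipher table is a two-entry subset.

```python
import struct

# Wire values for the protocol versions named in the thread.
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
# Two IANA cipher suite ids, enough for the constructed samples below.
SUITES = {0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
          0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}

def parse_server_hello(data: bytes) -> dict:
    """Return the version and suite the server selected (TLS <= 1.2 layout)."""
    if len(data) < 9:
        raise ValueError("too short for record and handshake headers")
    ctype, _rec_version, rec_len = struct.unpack("!BHH", data[:5])
    if ctype != 0x16:
        raise ValueError("not a handshake record")
    body = data[5:5 + rec_len]
    if len(body) != rec_len or rec_len < 4:
        raise ValueError("truncated record")
    if body[0] != 0x02:
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    # version(2) + random(32) + sid_len(1) + suite(2) + compression(1) = 38
    if len(hello) != hs_len or hs_len < 38:
        raise ValueError("truncated ServerHello")
    version = struct.unpack("!H", hello[:2])[0]
    off = 35 + hello[34]              # skip the variable-length session id
    if len(hello) < off + 3:
        raise ValueError("session id overruns ServerHello")
    suite = struct.unpack("!H", hello[off:off + 2])[0]
    return {"version": VERSIONS.get(version, hex(version)),
            "cipher_suite": SUITES.get(suite, hex(suite)),
            "tls11_plus": version >= 0x0302}

def build_sample(version: int, suite: int, session_id: bytes = b"") -> bytes:
    """Constructed ServerHello record (zeroed random, no extensions)."""
    hello = (struct.pack("!H", version) + bytes(32) + bytes([len(session_id)])
             + session_id + struct.pack("!HB", suite, 0))
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 0x16, version, len(handshake)) + handshake

if __name__ == "__main__":
    for ver, suite in ((0x0303, 0xC02F), (0x0301, 0x002F)):
        print(parse_server_hello(build_sample(ver, suite)))
```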