A few years back we had to disable an old security protocol, SSLv3.
Now we're approaching the next step, disabling SSLv3's successors TLSv1.0 and TLSv1.1. They too have some weaknesses, which have been dealt with in newer revisions of the specification (TLSv1.2 and TLSv1.3). This change is currently not urgent, but this will need to be taken care of at some point. Note that various other websites have already set a requirement for at least TLSv1.2, and this trend is likely to continue this year for other websites.
Most modern browsers and operating systems already support at least TLSv1.2. TLSv1.2 specifications were published in August 2008, so about 12 years ago.
I have been logging the TLS versions used for a few days now, and the following browsers / devices may be affected:
- Android phones / tablets using Android 4.2.2/4.4.2:
  - Samsung Galaxy Tab 2
  - Samsung Galaxy Tab 3
  - Samsung Galaxy S3 Neo
  - Samsung Galaxy Trend Plus
  - Hannstar Tablet
- Windows XP using MS Internet Explorer 7 or 8, or an ancient version of Firefox
If you are wondering if your device is affected, head over to https://michaelspice.net/ssltest/ and make sure the output says either "Safe, your browser supports TLS 1.2" or "Safe, your browser supports TLS 1.3". If you can't connect at all, your browser/operating system may not support TLS 1.2 or TLS 1.3.
Unless other factors require an earlier retirement of TLSv1.0 and TLSv1.1, I would expect to disable TLSv1.0 and TLSv1.1 by the end of the year. When this happens, you will no longer be able to access EBT or the forum with the affected devices or browsers.
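
For administrators planning the same retirement, here is one way to tally which clients still negotiate TLSv1.0/TLSv1.1 before switching them off. This is an added example, not this site's own logging setup. The log layout (client IP, timestamp, negotiated protocol, quoted User-Agent, as an nginx `log_format` using `$ssl_protocol` could produce) and the sample lines are assumptions.

```python
import re
from collections import Counter

# Assumed log layout (not from the page): IP [time] protocol "User-Agent",
# e.g. written by an nginx log_format that includes $ssl_protocol.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] (?P<proto>\S+) "(?P<ua>[^"]*)"$'
)
# nginx reports TLS 1.0 as "TLSv1"; other servers may write "TLSv1.0".
LEGACY = {"SSLv3", "TLSv1", "TLSv1.0", "TLSv1.1"}

# Constructed sample lines; addresses come from documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 [12/Mar/2020:10:01:02 +0000] TLSv1.3 "Mozilla/5.0 (X11; Linux x86_64; rv:74.0) Gecko/20100101 Firefox/74.0"
192.0.2.11 [12/Mar/2020:10:01:07 +0000] TLSv1 "Mozilla/5.0 (Linux; U; Android 4.2.2; GT-P5110 Build/JDQ39) AppleWebKit/534.30"
192.0.2.11 [12/Mar/2020:10:02:40 +0000] TLSv1 "Mozilla/5.0 (Linux; U; Android 4.2.2; GT-P5110 Build/JDQ39) AppleWebKit/534.30"
198.51.100.7 [12/Mar/2020:10:03:15 +0000] TLSv1 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)"
198.51.100.9 [12/Mar/2020:10:04:00 +0000] TLSv1.2 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/80.0"
garbage line that does not match
"""

def summarize(log_text):
    """Return (requests per protocol, legacy clients per User-Agent, skipped lines)."""
    per_proto = Counter()
    legacy_clients = {}  # User-Agent -> set of client IPs seen on legacy TLS
    skipped = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1  # count malformed lines instead of silently dropping them
            continue
        per_proto[m["proto"]] += 1
        if m["proto"] in LEGACY:
            legacy_clients.setdefault(m["ua"], set()).add(m["ip"])
    return per_proto, legacy_clients, skipped

def legacy_share(per_proto):
    """Fraction of parsed requests that used a protocol older than TLSv1.2."""
    total = sum(per_proto.values())
    legacy = sum(n for p, n in per_proto.items() if p in LEGACY)
    return legacy / total if total else 0.0

if __name__ == "__main__":
    protos, clients, skipped = summarize(SAMPLE_LOG)
    print(f"legacy share: {legacy_share(protos):.0%}, skipped lines: {skipped}")
    for ua, ips in sorted(clients.items(), key=lambda kv: -len(kv[1])):
        print(f"{len(ips)} client(s): {ua}")
```

Counting distinct client IPs per User-Agent, rather than raw requests, keeps one busy legacy device from looking like many affected users.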