• FOSS Is Fun
    link
    fedilink
    English
    8
    edit-2
    1 year ago

    Actually it is the same story with TLS 1.3 and TLS 1.2. A bunch of sites still doesn’t support TLS 1.3 (e. g. arstechnica.com, startpage.com) and some of them only support TLS 1.2 with RSA (e. g. startpage.com).

    You can try this yourself in Firefox by disabling ciphers (search for security.ssl3 in about:config) or by setting the minimum TLS version to 1.3 (security.tls.version.min = 4 in about:config).

    • @deepdive
      link
      English
      31 year ago

      Strange enough TLS 1.3 still doesn’t support signed ed25519 certificates :| P‐256, NIST P‐384 or NIST P‐521 curves are known to be “backdoored” or having deliberately chosen mathematical weakness. I’m not an expert and just a noob security/selfhoster enthusiast but I don’t want to depend on curves made by NSA or other spy agencies !

      I also wondering if the EU isn’t going to implement something similar with all their new spying laws currently discussed…

      • LaggyKar
        link
        fedilink
        31 year ago

        AFAIK, they’re not known to be backdoored, only suspected

        • @deepdive
          link
          English
          21 year ago

          Yeah wrong wording, but the fact that we have to depend mostly on NSA’s cryptographic schemes makes it very suspicious !