1

On our server, we have TLS 1.0, 1.1 and 1.2 enabled. It hosts numerous client websites.

We were recently contacted by one such client flagging a concern that TLS 1.0 and TLS 1.1 is "still enabled". I don't know much about the subject matter, unfortunately. What I do know is, like me, they must've done a free security scan of their website which raises that fact as a "red flag" while conveniently ignoring that we have TLS 1.2 enabled also.

Despite the obvious compatibility issues that would arise from disabling those versions, what possible benefits are there to gain in disabling these legacy TLS versions on our server? Is it really such a vulnerability as they've been lead to believe?

I may be mistaken, but my understanding was that using TLS 1.0 and TLS 1.1 alone is the vulnerability. Upgrading to TLS 1.2 allows newer client browsers to avoid these vulnerabilities but am I mistaken?

schroeder
  • 123,438
  • 55
  • 284
  • 319
Ryan W
  • 13
  • 2
  • This is going to be very relevant: https://security.stackexchange.com/questions/205775/tls-downgrade-attacks – schroeder Jan 04 '22 at 12:03

1 Answers1

1

In theory removing older TLS protocol versions might reduce complexity from the code base and thus increase security. In practice this is at least for TLS 1.0+ usually just a runtime configuration, i.e. the complex code base is unchanged.

In theory an attacker might force a TLS downgrade to a lower TLS version. In practice this seems to be a non-issue today, at least for TLS 1.0+ and for current browsers, which no longer retry with a lower TLS version as they did in the past.

Any kind of restrictions regarding TLS version, ciphers etc limit the attack surface a bit though. There might be attacks known to some insiders or yet to be found attack vectors. And they will be likely in a code base which is less and less used since nobody takes much care in it.

Thus, if any TLS protocols and ciphers are not actually needed, they should better be disabled. All modern clients support TLS 1.2+ for several years so disabling TLS 1.1 and lower should be doable unless old (and likely insecure) clients still need to be supported.

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
  • Very useful; thank you. Good to know modern browsers don't retry for lower TLS versions. I appreciate then it's basically just best practices for security, preventing theoretical attacks and trying to future proof and limit attack surfaces. According to StatCounter, 3% of global users are still using a browser that does not support TLS 1.2. Which may be something to keep in mind when considering to disable the older protocols. – Ryan W Jan 04 '22 at 13:39