• FOSS Is Fun@lemmy.ml
    link
    fedilink
    English
    arrow-up
    10
    ·
    edit-2
    1 year ago

    Actually it is the same story with TLS 1.3 and TLS 1.2. A bunch of sites still doesn’t support TLS 1.3 (e. g. arstechnica.com, startpage.com) and some of them only support TLS 1.2 with RSA (e. g. startpage.com).

    You can try this yourself in Firefox by disabling ciphers (search for security.ssl3 in about:config) or by setting the minimum TLS version to 1.3 (security.tls.version.min = 4 in about:config).

    • deepdive@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      Strange enough TLS 1.3 still doesn’t support signed ed25519 certificates :| P‐256, NIST P‐384 or NIST P‐521 curves are known to be “backdoored” or having deliberately chosen mathematical weakness. I’m not an expert and just a noob security/selfhoster enthusiast but I don’t want to depend on curves made by NSA or other spy agencies !

      I also wondering if the EU isn’t going to implement something similar with all their new spying laws currently discussed…

      • LaggyKar
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        AFAIK, they’re not known to be backdoored, only suspected

        • deepdive@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Yeah wrong wording, but the fact that we have to depend mostly on NSA’s cryptographic schemes makes it very suspicious !