[CentOS] www.centos.org/forums/

Sat Mar 26 13:00:28 UTC 2016
Dennis Jacobfeuerborn <dennisml at conversis.de>

On 25.03.2016 17:29, Eero Volotinen wrote:
>> @Eero: IMHO you are missing some points here. There are more and more
>> browsers that are unable to use SSL{2,3} as well as TLS1.0, not just
>> disabled via config, but this decission was made at compile time.
>> Newer Android and Apple-iOS devices for example.
>>
>>
> This is not true. it works fine with latest android and ios. I just tested
> it.

The latest version of Android is Marshmallow and currently is only
installed on 2.3% of the devices out there:
http://developer.android.com/about/dashboards/index.html

You cannot just support the latest version of a client if your site is
accessed by regular users out there.

> 
>> And the point is not that the site supports TLS1.0, but that it does
>> not support TLS1.1 and/or TLS 1.2, and as such is incassessible
>> to devices that ask for TLS1.1 as minimum for HTTPS.
>>
>> But that is for the admins/webmasters of the servers to resolve.
> 
> 
> Many sites are still using centos 5 and clones and cannot support tls 1.2
> and tls 1.1 without upgrade.

Then they might be forced to upgrade to a newer CentOS version. If you
only run your personal blog then you can of course whatever you want but
if you run a commercial site then the OS you can run depends on what the
clients support and not the other way around.

Regards,
  Dennis