
It’s the Boot for TLS 1.0 and TLS 1.1 - i_am_not_elon
https://hacks.mozilla.org/2020/02/its-the-boot-for-tls-1-0-and-tls-1-1/
======
jeroenhd
I fully understand removing TLS 1.0 because of the POODLE exploit. However,
TLS 1.1 fixes it, provided you don't make yourself vulnerable to a downgrade
attack.

Why is Mozilla disabling TLS 1.1? It probably doesn't provide the most up-to-
date ciphers and such but algorithmically it's fine, right? Is there an attack
on TLS 1.1 I don't know about?

~~~
toast0
There's not very many stacks that support 1.1 but not 1.2. If usage of 1.0 is
low enough that you're willing to drop it, 1.1 is going to be much less.

------
tinus_hn
Is there some kind of survey that shows how many hosts offer just these
protocols?

~~~
toast0
This one is freely available:

[https://www.ssllabs.com/ssl-pulse/](https://www.ssllabs.com/ssl-pulse/)

For considering this change, you want to look at the 'best protocol available'
chart.

Netcraft has or had an SSL survey, but it it's not free.

