Menu
We are running an asp.net application in IIS 10.0 (windows server 2016) and installed SSL certificate. One of our clients was asking us about supporting TLS 1.3. My understanding is that TLS 1.3 is still in draft and I found no reference for server 2016 and TLS 1.3. What can we do to provide support for TLS 1.3 (other than waiting for this version to be officially released)? Would it be correct to say that we will support TLS 1.3 when Server 2016 begins to support it?
514
This is old, but I think it deserves an update at this point. TLS 1.3 has been finalized for over a year now. It's no longer in a draft as of 8/2018 and is finalized and published. Yet still, no support from MS. This is extremely poor on their part. All the ciphers in TLS 1.2 and lower have been compromised or are vulnerable to attack - such as timing-based attacks. Only TLS 1.3 AEAD based ciphers are - as of this time - uncompromised or not known to be vulnerable.
Come on MS. It's been almost 1.5 years. I thought you were serious about security!!! You talk the talk - now walk the walk and get us TLS 1.3 support!!!
64
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
