If a website is still using TLS 1.0 - is it safe?

« Other questions
0
0

Hi

I visited an https website, and the green padlock appeared in the browser’s URL bar. However, when I clicked on the padlock it told me that my connection was encrypted with TLS 1.0, an “obsolete cipher suite”. Should I be worried?

  • You must to post comments
0
0

Yes, you should be worried.

Longer answer: even if all goes okay it is a false sense of security. It should be kept in mind that it is more than just TLS version and that includes configuration on the server (there are a lot of things to consider on this part and if they use TLSv1 then you shouldn’t trust them on this, either).

It is true that TLSv1.2 has its problems (SSL and TLS have a long history of problems) but I would say that any website that uses TLSv1 is not taking security as seriously as it should.

  • You must to post comments
Showing 1 result
Your Answer

Please first to submit.