#[1]Meta Stack Exchange [2]Feed for question 'TLS 1.0 and TLS 1.1 removal for Stack Exchange services' Stack Exchange Network Stack Exchange network consists of 175 Q&A communities including [3]Stack Overflow, the largest, most trusted online community for developers to learn, share their knowledge, and build their careers. [4]Visit Stack Exchange (BUTTON) ____________________ Loading… 1. 2. [5]0 3. [6]+0 4. + [7]Tour Start here for a quick overview of the site + [8]Help Center Detailed answers to any questions you might have + [9]What's Meta? How Meta is different from other sites + [10]About Us Learn more about Stack Overflow the company + [11]Business Learn more about hiring developers or posting ads with us 5. 6. [12]Log in [13]Sign up 7. [14]current community + Stack Exchange + Meta Stack Exchange [15]help [16]chat your communities [17]Sign up or [18]log in to customize your list. [19]more stack exchange communities [20]company blog By using our site, you acknowledge that you have read and understand our [21]Cookie Policy, [22]Privacy Policy, and our [23]Terms of Service. Meta Stack Exchange is a question and answer site for meta-discussion of the Stack Exchange family of Q&A websites. It only takes a minute to sign up. [24]Sign up to join this community [anonymousHeroQuestions.svg?v=748bfb046b78] Anybody can ask a question [anonymousHeroAnswers.svg?v=d5348b00eddc] Anybody can answer [anonymousHeroUpvote.svg?v=af2bb70d5d1b] The best answers are voted up and rise to the top (BUTTON) [25]Meta Stack Exchange 1. [26]Home 2. 1. [27]Questions 2. [28]Tags 3. [29]Users 4. [30]Unanswered [31]TLS 1.0 and TLS 1.1 removal for Stack Exchange services [32]Ask Question Asked yesterday Active [33]today Viewed 5k times (BUTTON) 201 (BUTTON) (BUTTON) 9 As part of our regular efforts to increase security and keep up with the times, we will be disabling [34]TLS 1.0 and 1.1 for Stack Exchange services on February 12th, 2020. TLS 1.2 and above will continue to work. Note: this will not immediately affect all services. Some of our services are handled via Fastly, and some at our load balancers directly - this change will not affect both segments at once. Things like Q&A, Talent, etc. flow through Fastly and will be the first affected. Things that are direct, like Chat and our API, will not be affected immediately. Why? Most browsers and operating systems moved to TLS 1.2 quite a while ago now (for example, we don't support Windows XP...and neither does Microsoft). We held out for as many clients as possible to move over, but now it's time to make the change. If you're curious what the vulnerabilities are in TLS 1.0 and 1.1, [35]there's a good writeup here. We've been monitoring traffic levels over the past few months and we are now at HTTPS stats of: * TLS 1.0: 0.6% * TLS 1.1: 0.0% * TLS 1.2: 99.4% Additionally, it looks like the vast majority of the TLS 1.0 traffic is bots (and/or sends no user agent at all) - our estimate is that 'not a robot' requests account for less than a third of that 0.6%. As an example of the industry moving on here, [36]our current SSL Labs rating is a B. This is purely because of remaining TLS < 1.2 support that we plan to remove here. If anyone has questions, please feel free to comment or answer below and we'll try and keep up. [37]discussion [38]featured [39]ssl [40]announcements [41]share|[42]improve this question [43]edited yesterday Nick Craver asked yesterday [44]Nick Craver♦Nick Craver 118k2323 gold badges401401 silver badges541541 bronze badges * 48 Thanks for informing the community in advance for a change ;-) – [45]cs95 is disappointed with SE yesterday * 2 Will (or do) you have a failover page that will show an "upgrade your browser" message to any browsers stuck on 1.0 or 1.1? – [46]Robotnik yesterday * 25 @Robotnik nope, not in this case. Not because we're lazy, but because it just wouldn't help. The failure scenario of an ancient client is they can't connect, so they'd never get be able to see such a page. This happens earlier in the negotiation, before any web traffic is exchanged. – [47]Nick Craver♦ yesterday * @NickCraver, but currently you support both. Why not replace handling of old tls by sending to a separate fallback? – [48]Qwertiy 22 hours ago * 15 @Qwerity Let me flip that around: why do that work and maintain it? And for how long? Note: we have to explain to people why it’s still enabled, etc. it’s not a zero cost to leave it on. Given it’s not affecting actual users as far as we can tell, what’s the benefit? Any bots or users relying on this ancient path won’t get what they’re after, so why play around and spend time on a half measure? We simply have limited time and resources (like most people), so maintaining old, almost completely unused, and insecure infrastructure is not a compelling thing to use those resources on. – [49]Nick Craver♦ 22 hours ago * 4 Nearly everybody who's paying attention and running a site has obsoleted or is in the process of removing TLS 1.0 and 1.1 compatibility. If somebody has an old browser that can't handle that, they're going to be blocked at most sites they visit. Stack Exchange will be the least of their worries. – [50]Ask About Monica 21 hours ago * 3 For that poor less than a third of 0.6% of clients I wonder what site they'll turn to to ask for help on why they can no longer connect to Stack Exchange. – [51]BACON 18 hours ago * @Robotnik Most traffic using weak ciphers are bots attempting to exploit vulnerabilities. If real users are on devices incapable of using current generation SSL ciphers, they are most likely unable to upgrade them anway. Maintaining a failover page simply wouldn't achieve any useful outcomes. – [52]user1751825 14 hours ago [53]add a comment | 5 Answers 5 [54]active [55]oldest [56]votes (BUTTON) 74 (BUTTON) Removing support for outdated security technologies is surely a good move. But I see your statistics includes only TLS 1.2, so do you have any plan for TLS 1.3? It's the new standard in 2018 and is supported by all major browsers (excl. IE) and a lot of cloud services (Cloudflare, AWS ELB etc.). I really think that should be added as well. [57]share|[58]improve this answer answered yesterday [59]iBug is disappointed in SEiBug is disappointed in SE 23.2k44 gold badges4343 silver badges9292 bronze badges * 1 Without knowing the "guts" inside SE, it could be that there are backend components (and subcomponents between backends and UIs or the edge) that do not support TLS 1.3 equally. For example, TLS 1.3 is supported in Java 11, but it is not included in earlier versions, and there's a ton of Java middleware that for one reason or another are still running in earlier versions (we run Java 7 at work.) I suspect it will take a few years before TLS 1.3 become the 90.xxx% supported norm. – [60]luis.espinal yesterday * 2 IIRC they're a .NET shop, so if they're restricted to a .NET version < 4.6 then TLS 1.3 is not available. – [61]Matt Ellen yesterday * 1 I'm aware about dependency restrictions in a large corporation (we use unencrypted transmission in our laboratory intranet, which is pretty small per se), but what about the public-facing part? – [62]iBug is disappointed in SE yesterday * 58 Good question! Yes, we are looking at TLS 1.3...but don't want to combine such changes. That will be a later follow-up once we get 1.0 and 1.1 off the radar here :) Since it's a 2-leg negotiation from you to Fastly to us, we have the ability to enable TLS 1.3 to users before the backend if needed...but all components of the stack are 1.3 compatible for the curious :) – [63]Nick Craver♦ yesterday [64]add a comment | (BUTTON) 27 (BUTTON) EDIT: now fixed When you write "we will be deprecating TLS 1.0 and 1.1", do you mean that they will no longer work after next week? It seems so from your next sentence, but this is confusing to me, because in my experience that is not what "deprecating" means in the programming world: Software deprecation While a deprecated software feature remains in the software, its use may raise warning messages recommending alternative practices; deprecated status may also indicate the feature will be removed in the future. Features are deprecated rather than immediately removed, to provide backward compatibility, and to give programmers time to bring affected code into compliance with the new standard. from [65]https://en.wikipedia.org/wiki/Deprecation, and, from [66]https://en.wiktionary.org/wiki/deprecate (emphasis mine): 2. (transitive, chiefly computing) To declare something obsolescent; to recommend against a function, technique, command, etc. that still works but has been replaced. [67]share|[68]improve this answer [69]edited yesterday answered yesterday [70]Federico PoloniFederico Poloni 2,81111 gold badge1111 silver badges2020 bronze badges * 5 In this context it means they're being removed, yep - deprecated in favor of TLS 1.2 which all supported clients support. It turns out we just found a bug in non-SNI certificate delivery late last night as well, which means non-SNI clients (huge overlap with TLS < 1.2 support) weren't getting a valid cert, since December 24th. While we're already working with Fastly to get that cert API fixed, it also gives us even more confidence: this change will have very minimal impact. – [71]Nick Craver♦ yesterday * 35 @NickCraver Then I strongly suggest that you change the wording. That is not what "deprecating" means. I suggest to use the words "we will be removing support for TLS 1.0 and 1.1" instead. – [72]Federico Poloni yesterday * 16 Fair enough! Done :) – [73]Nick Craver♦ yesterday * 2 Q&A-style discussions are weird because I'm not sure to +1 this or not. I mean, it was a good observation such that, typically, it'd be an easy +1. Except now that it's been fixed, this doesn't really provide value to readers. But the current system gives rep to answerers who make positive contributions, and it doesn't seem like this answerer deserves less rep just because their contribution was immediately actionable. But then this could've been a comment instead, which wouldn't have given rep anyway. But then is that consistent in the first place? – [74]Nat yesterday * 5 @Nat I think you're overthinking this ;) – [75]maxathousand yesterday * 11 @Nat What is weird, in my view, is using a Q&A-style system for an announcement, and soliciting questions about the announcements to be posted as answers (presumably, to be answered by the SE staff in comments). It all feels like using the system backwards. (See also: dogfooding, inner platform effect.) – [76]Federico Poloni yesterday * 2 @Federico Poloni - I agree with you. It's a misuse of the Q&A format and a bad example to the other sites. IMHO it'd be better if meta had a slightly different format than all other sites. – [77]LawrenceC 18 hours ago [78]add a comment | (BUTTON) 1 (BUTTON) Running the [79]Immuniweb.com Security Test it complains (abbreviated version): [80]Summary of stackexchange.com SSL Security Test The problem is TLSv1.1 and TLSv1.0 configured with TLS_RSA_WITH_ 3DES _EDE_CBC_SHA enabled, that is non-compliant with PCI DSS requirements. In particular, the test complains of supporting TLSv1.0 and lack of support for TLSv1.3. in addition it says: "The HTTP version of the website does not redirect to the HTTPS version. We advise to enable redirection.". You probably know this but the latest guidelines are: SP 800-52 Rev. 2 "[81]Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations". There is also hardware available, such as [82]Symantec's SSL Visibility Appliance, which can [83]permit security tools to operate despite end-to-end encryption; but it's expensive. Despite the expense [84]traffic inspection is necessary unless you simply want to hope that nothing can go wrong. There are also [85]Data Loss Prevention Appliances which can detect theft of personal information, password files, and other sensitive data; and block it before it goes over the wire. Your move to TLS 1.2 and up is a welcome one, we wouldn't want you to go down for a few days or suffer the annoyance (warning?) of last year's hack again. Thanks for keeping on the leading edge. [86]share|[87]improve this answer answered 6 hours ago [88]RobRob 9,31533 gold badges2424 silver badges6363 bronze badges [89]add a comment | (BUTTON) -2 (BUTTON) How many users are impacted, and what measures have you got in place to measure that impact? You claim that our estimate is that 'not a robot' requests account for less than a third of that 0.6% but that still seems like a decent number of people. Taking the 10m/day traffic figure reported for SO on [90]the sites list, that 0.2% is still something like 20,000 visits a day, which is not insignificant (i.e. more than half a million visits a month), particularly if it represents people from the marginalized backgrounds that SO claims to champion and be welcoming to. Now, your [91]comment that quite a few technologies prefer TLS 1.0 and upgrade is also fair enough. There's a large niche of user agents that won't be impacted by the change: they're getting TLS 1.0 because they asked for it, but will happily take higher versions if you don't give them their first choice. And we can't know how many users this represents until you disable TLS 1.0. So... what are your plans for measuring how many people are in this category, and how many people lose the access they currently have because of it? Are you going to report that publicly? [92]share|[93]improve this answer answered 3 hours ago [94]E.P.E.P. 12.5k33 gold badges3434 silver badges6060 bronze badges [95]add a comment | (BUTTON) -7 (BUTTON) This is a pretty bad idea, following a trend that's based on common misunderstandings of how protocols work, and undermining the value of robustness and interoperability (also known as Postel's law). * Browser vendors have announced that they'll be deprecating support for TLSv1.0 and TLSv1.1 in 2020. It is often cited that TLSv1.0 is removed in order to avoid downgrade attacks. But if supported browsers don't support anything below TLSv1.2, then there's nothing for them to downgrade to, so, there doesn't seem to be a good reason to remove support on the websites as well. * This change means that it will no longer be possible to view your properties from older iPad, iPhone, Android and webOS devices, for little good reason. Keep in mind, these are devices that have gigabytes of storage and hundreds of megabytes of memory each, these are not some outdated devices that don't have the processing power to do common tasks, these are very powerful devices that simply have been abandoned by their vendors. This will result in an effective link rot on a rather large scale (search results from Google will no longer work), and will widen the digital gap between people who don't have the resources to buy the latest tablets, phones and other gadgets. You're effectively doing the brokering for planned obsolescence on behalf of Apple and other vendors, contributing to the global warming by deprecating very powerful devices, each with gigabytes of storage and megabytes of RAM, which are still perfectly capable of performing complex computing tasks. * SSL Labs rating is a B. Only a third of 0.6% of visitors require TLSv1.0. You're basically telling us that you'd rather have a better rating on a meaningless scale by completely denying access to your website only for a few million actual, real users. Is this for real? Is this what our industry has become? Please consider doing the following instead: * Bring back full HTTP access. With an HSTS policy in place, none of the supported browsers will ever notice that HTTP support is even available. With HSTS (which is already in place on Stack Overflow), all http:// links are treated as https://, so, there's no effective difference for any supported browser, but the older devices that may not have recent https support could still view the site. (For new visitors, all you have to do is have an invisible pixel to your HTTPS site from the HTTP one, which will automatically install HSTS policy, and no further requests will be made over HTTP; this is trivial to accomplish, and should seamlessly support both legacy and modern browsers.) * Do not disable TLSv1.0 (and noone cares for TLSv1.1 either way, as there's hardly anything that supports TLSv1.1 without also supporting TLSv1.2). Even if HTTP access is available, browsers that don't support TLSv1.2 would not be able to follow the existing https:// links due to lack of TLSv1.2 support, resulting in link rot. (If there's a worry about certificate compromise with serving TLSv1.0, it's rather trivial to divert TLSv1.0 and TLSv1.2 traffic to distinct servers that each have distinct certificates, serving distinct content, without TLSv1.2-only clients being affected in any negative way; if TLSv1.0 is somehow deemed to be so insecure as to being worse than straight HTTP, then it's also an option to redirect back from HTTPS to HTTP for such old TLSv1.0-only clients in order to not contribute to link rot.) [96]share|[97]improve this answer answered 16 hours ago [98]cnstcnst 1,06566 silver badges1414 bronze badges * 12 That traffic is almost all bots, I called this out in the post. We’ve delayed until user impact is minimal. The number is not millions, we’d be shocked if it was even in the thousands. You’re also forgetting that quite a few technologies prefer TLS 1.0 and upgrade, not downgrade of its missing. This means they default to an insecure protocol. Some of that 0.6% will be just fine because it’s in this bucket…even though it’s almost all bots. – [99]Nick Craver♦ 16 hours ago * @NickCraver "You’re also forgetting that quite a few technologies prefer TLS 1.0 and upgrade, not downgrade of its missing." — what do you mean? FYI: Google still fully supports Google Search over HTTP, last I checked a couple of weeks ago. I also highly doubt that there's only a thousand of deprecated iPad devices still in operation, and/or some of them may already be denied access due to cipher differences. – [100]cnst 16 hours ago * 10 Okay let's take that example. TLS 1.2 is supported all the way back to iOS 5. It's install-able all the way back to the iPhone 3GS and the original iPad. So quite literally, there's not an iPad that would not support connecting to us over TLS 1.2. I'm happy to have good faith arguments on this about what we should support, but this seems like we're just really reaching to "why don't you support everything forever"? Remember, all of these devices in the example are from browsers we a) do not support (and haven't for some time), and b) render our pages very badly - they're a decade behind. – [101]Nick Craver♦ 16 hours ago * 4 On the TLS 1.0 front, some things like older OSes (PowerShell, etc. included) will try TLS 1.0 only based on config, or in order. They are capable of TLS 1.2 though. In short: we're not going to continue supporting these insecure protocols the entire industry recommends against at this point. It's just a bad practice, and has near-zero impact to actual users (which I do care greatly about). – [102]Nick Craver♦ 16 hours ago * 4 @NickCraver Agreed. Continuing to allow insecure protocols simply to support some hyperthetical user base on very old devices, I would say would be irresponsible. – [103]user1751825 14 hours ago * 3 @cnst, how "older" are you talking about? I've got an Android 4.4 device I keep around for compatibility testing, and the default browser supports TLS 1.2. – [104]Mark 13 hours ago * You can even argue that support for SSLv3 should be brought back as well for "compatibility with Windows XP" or what have you, even though WinXP has been EOL for nearly 6 years - from when your son entered a primary school to now graduated. In short, there's really little reason to keep obsolete setup forever. – [105]iBug is disappointed in SE 12 hours ago * @user1751825 that's why I recommend enabling HTTP, because HTTP is not insecure, like the older versions of TLS/OpenSSL are. – [106]cnst 12 hours ago * 3 @cnst HTTP is inherently insecure, because it is not encrypted at all. It should not be enabled simply to support old insecure clients. Allowing HTTP on a HTTPS enabled site, weakens the overall security of the site because it allows protocol downgrade attacks, and prevents the use of HSTS headers. – [107]user1751825 12 hours ago * It's also worth considering SE supports only a subset of browsers in a subset of OSes.A significant number of the examples you gave are not or might never be supported. And I doubt the move to http fallback makes any sense at all. – [108]Journeyman Geek♦ 11 hours ago * 1 @user1751825 what you say doesn't make sense, because downgrade attacks aren't possible if you already have HSTS, even if HTTP is left undisturbed; and if you don't have HSTS, and are requesting over HTTP already, then there's nothing to downgrade; just because there's no encryption doesn't make HTTP insecure, either, especially if it's all public information being transmitted (most readers don't have accounts), and it's up to the user and their provider on whether or not their traffic is modified (nation states can already permanently block https and proxy https over http, should they want). – [109]cnst 11 hours ago * Plaintext HTTP is insecure in two ways - attacker can see what's transmitted, and can also manipulate what's transmitted. It's common in China where ISP endpoints insert junk ads into whatever page viewed through HTTP ([110]ref). – [111]iBug is disappointed in SE 9 hours ago * @iBugisdisappointedinSE so, your solution is to self-destruct by blocking HTTP in case they decide to block HTTPS? If the nation-state provider controls the communication channel, they can simply never allow HTTPS in the first place, never letting HSTS to get installed, and always run a masquerade proxy on http to proxy https content selectively; in all, plaintext HTTP is just life. – [112]cnst 7 hours ago * 2 If a state decided to block HTTPS completely, then it's not SE's responsibility to maintain its accessibility by allowing plaintext. HTTP is not life, it's obsolete. – [113]iBug is disappointed in SE 5 hours ago [114]add a comment | You must [115]log in to answer this question. Not the answer you're looking for? Browse other questions tagged [116]discussion [117]featured [118]ssl [119]announcements . Welcome! Welcome! Meta Stack Exchange is intended for bugs, features, and discussions that affect the whole Stack Exchange family of Q&A sites. [120]about » [121]help » Blog * [122]The 2020 Developer Survey is now open! Featured on Meta * [123]TLS 1.0 and TLS 1.1 removal for Stack Exchange services [124]Visit chat Related 1022 [125]Are there any clones/alternatives for running a Stack Exchange style Q&A site? 523 [126]The MIT License – Clarity on Using Code on Stack Overflow and Stack Exchange 2753 [127]A Terms of Service update restricting companies that scrape your profile information without your permission 448 [128]Network-wide HTTPS: It's time 198 [129]Brief outage planned for Wed, May 3, 2017 at 8pm US/Eastern (00:00 UTC) (like a fire drill for computers) 820 [130]Net Neutrality and Stack Overflow / Stack Exchange 372 [131]Updating the Hot Network Questions List - now with a bit more network and a little less “hotness”! 2232 [132]Firing mods and forced relicensing: is Stack Exchange still interested in cooperating with the community? 665 [133]Dear Stack Exchange: a statement and a letter from your moderators 1853 [134]Stack Overflow is doing me ongoing harm; it's time to fix it! [135]Hot Network Questions * [136]Primitive underwater melee combat * [137]Doubt on how move as black after pawn in e5 * [138]How often should I clean my water bladder/reservoir while on a thru-hike, extended backpacking trip, or survival scenario? * [139]Does a non-creature God entering the battlefield trigger Pelt Collector? * [140]Are screened transistors an endangered species? * [141]How to generate a random integer array satisfying complex constraints * [142]Would this hit/miss houserule be balanced with bounded accuracy? * [143]What will happen if someone/a group can't be confirmed that they commited a crime? * [144]Bin packing variant * [145]How to deal with a promotion if you are not sure you want it? * [146]Can open-source software be peer-reviewed and published? * [147]When was the first recorded occurence of irrational and imaginary number usage in number theory? * [148]Why does my tea periodically alternate its rotational speed after stirring? (Link to video below) * [149]Reviewing custom array List class of java * [150]What is this large engine doing on a B52? * [151]How is the term "fabric" defined in networking? * [152]Why, in old movies and TV series, do they always use such extremely exaggerated wheel turns when driving a car? * [153]Existential unforgeability vs strong unforgeability * [154]My prefix is a memory; my infix, you may hate * [155]We can ignore the wire resistance if the current delivered by the wire is low? * [156]How to avoid comments about one line of code for cleanliness * [157]Compress 8 bits to 6 when certain bit patterns will never occur * [158]What made Jesus question at Mt 21:25 a good example for Christians or was it a bad question because the Jews could not answer? * [159]How to quickly and inexpensively deposit cash? [160]more hot questions [161]Question feed Subscribe to RSS Question feed To subscribe to this RSS feed, copy and paste this URL into your RSS reader. https://meta.stackex [162]Meta Stack Exchange * [163]Tour * [164]Help * [165]Chat * [166]Contact * [167]Feedback * Mobile [168]Company * [169]Stack Overflow * [170]Stack Overflow Business * [171]Developer Jobs * [172]About * [173]Press * [174]Legal * [175]Privacy Policy [176]Stack Exchange Network * [177]Technology * [178]Life / Arts * [179]Culture / Recreation * [180]Science * [181]Other * [182]Stack Overflow * [183]Server Fault * [184]Super User * [185]Web Applications * [186]Ask Ubuntu * [187]Webmasters * [188]Game Development * [189]TeX - LaTeX * [190]Software Engineering * [191]Unix & Linux * [192]Ask Different (Apple) * [193]WordPress Development * [194]Geographic Information Systems * [195]Electrical Engineering * [196]Android Enthusiasts * [197]Information Security * [198]Database Administrators * [199]Drupal Answers * [200]SharePoint * [201]User Experience * [202]Mathematica * [203]Salesforce * [204]ExpressionEngine® Answers * [205]Stack Overflow em Português * [206]Blender * [207]Network Engineering * [208]Cryptography * [209]Code Review * [210]Magento * [211]Software Recommendations * [212]Signal Processing * [213]Emacs * [214]Raspberry Pi * [215]Stack Overflow на русском * [216]Code Golf * [217]Stack Overflow en español * [218]Ethereum * [219]Data Science * [220]Arduino * [221]Bitcoin * [222]Software Quality Assurance & Testing * [223]Sound Design * [224]Windows Phone * [225]more (27) * [226]Photography * [227]Science Fiction & Fantasy * [228]Graphic Design * [229]Movies & TV * [230]Music: Practice & Theory * [231]Worldbuilding * [232]Video Production * [233]Seasoned Advice (cooking) * [234]Home Improvement * [235]Personal Finance & Money * [236]Academia * [237]Law * [238]Physical Fitness * [239]Gardening & Landscaping * [240]Parenting * [241]more (11) * [242]English Language & Usage * [243]Skeptics * [244]Mi Yodeya (Judaism) * [245]Travel * [246]Christianity * [247]English Language Learners * [248]Japanese Language * [249]Chinese Language * [250]French Language * [251]German Language * [252]Biblical Hermeneutics * [253]History * [254]Spanish Language * [255]Islam * [256]Русский язык * [257]Russian Language * [258]Arqade (gaming) * [259]Bicycles * [260]Role-playing Games * [261]Anime & Manga * [262]Puzzling * [263]Motor Vehicle Maintenance & Repair * [264]Board & Card Games * [265]Bricks * [266]Homebrewing * [267]Martial Arts * [268]The Great Outdoors * [269]Poker * [270]Chess * [271]Sports * [272]more (16) * [273]MathOverflow * [274]Mathematics * [275]Cross Validated (stats) * [276]Theoretical Computer Science * [277]Physics * [278]Chemistry * [279]Biology * [280]Computer Science * [281]Philosophy * [282]Linguistics * [283]Psychology & Neuroscience * [284]Computational Science * [285]more (8) * [286]Meta Stack Exchange * [287]Stack Apps * [288]API * [289]Data * [290]Blog * [291]Facebook * [292]Twitter * [293]LinkedIn site design / logo © 2020 Stack Exchange Inc; user contributions licensed under [294]cc by-sa 4.0 with [295]attribution required. rev 2020.2.7.36004 Meta Stack Exchange works best with JavaScript enabled References Visible links 1. https://meta.stackexchange.com/opensearch.xml 2. https://meta.stackexchange.com/feeds/question/343302 3. https://stackoverflow.com/ 4. https://stackexchange.com/ 5. https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services 6. https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services 7. https://meta.stackexchange.com/tour 8. https://meta.stackexchange.com/help 9. https://meta.stackexchange.com/help/whats-meta 10. https://stackoverflow.com/company/about 11. https://stackoverflowbusiness.com/?ref=topbar_help 12. https://meta.stackexchange.com/users/login?ssrc=head&returnurl=https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services 13. https://meta.stackexchange.com/users/signup?ssrc=head&returnurl=https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services 14. https://meta.stackexchange.com/ 15. https://meta.stackexchange.com/help 16. https://chat.meta.stackexchange.com/ 17. https://meta.stackexchange.com/users/signup?ssrc=site_switcher&returnurl=https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services 18. https://meta.stackexchange.com/users/login?ssrc=site_switcher&returnurl=https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services 19. https://stackexchange.com/sites 20. https://stackoverflow.blog/ 21. https://stackoverflow.com/legal/cookie-policy 22. https://stackoverflow.com/legal/privacy-policy 23. https://stackoverflow.com/legal/terms-of-service/public 24. https://meta.stackexchange.com/users/signup?ssrc=hero&returnurl=https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services 25. https://meta.stackexchange.com/ 26. https://meta.stackexchange.com/ 27. https://meta.stackexchange.com/questions 28. https://meta.stackexchange.com/tags 29. https://meta.stackexchange.com/users 30. https://meta.stackexchange.com/unanswered 31. https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services 32. https://meta.stackexchange.com/questions/ask 33. https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services?lastactivity 34. https://www.cloudflare.com/learning/ssl/transport-layer-security-tls/ 35. https://www.acunetix.com/blog/articles/tls-vulnerabilities-attacks-final-part/ 36. https://www.ssllabs.com/ssltest/analyze.html?d=stackoverflow.com&latest 37. https://meta.stackexchange.com/questions/tagged/discussion 38. https://meta.stackexchange.com/questions/tagged/featured 39. https://meta.stackexchange.com/questions/tagged/ssl 40. https://meta.stackexchange.com/questions/tagged/announcements 41. https://meta.stackexchange.com/q/343302 42. https://meta.stackexchange.com/posts/343302/edit 43. https://meta.stackexchange.com/posts/343302/revisions 44. https://meta.stackexchange.com/users/135201/nick-craver 45. https://meta.stackexchange.com/users/494004/cs95-is-disappointed-with-se 46. https://meta.stackexchange.com/users/179041/robotnik 47. https://meta.stackexchange.com/users/135201/nick-craver 48. https://meta.stackexchange.com/users/309650/qwertiy 49. https://meta.stackexchange.com/users/135201/nick-craver 50. https://meta.stackexchange.com/users/234991/ask-about-monica 51. https://meta.stackexchange.com/users/699943/bacon 52. https://meta.stackexchange.com/users/506413/user1751825 53. https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services 54. https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services?answertab=active#tab-top 55. https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services?answertab=oldest#tab-top 56. https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services?answertab=votes#tab-top 57. https://meta.stackexchange.com/a/343321 58. https://meta.stackexchange.com/posts/343321/edit 59. https://meta.stackexchange.com/users/350567/ibug-is-disappointed-in-se 60. https://meta.stackexchange.com/users/144174/luis-espinal 61. https://meta.stackexchange.com/users/147791/matt-ellen 62. https://meta.stackexchange.com/users/350567/ibug-is-disappointed-in-se 63. https://meta.stackexchange.com/users/135201/nick-craver 64. https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services 65. https://en.wikipedia.org/wiki/Deprecation 66. https://en.wiktionary.org/wiki/deprecate 67. https://meta.stackexchange.com/a/343341 68. https://meta.stackexchange.com/posts/343341/edit 69. https://meta.stackexchange.com/posts/343341/revisions 70. https://meta.stackexchange.com/users/243091/federico-poloni 71. https://meta.stackexchange.com/users/135201/nick-craver 72. https://meta.stackexchange.com/users/243091/federico-poloni 73. https://meta.stackexchange.com/users/135201/nick-craver 74. https://meta.stackexchange.com/users/351012/nat 75. https://meta.stackexchange.com/users/385118/maxathousand 76. https://meta.stackexchange.com/users/243091/federico-poloni 77. https://meta.stackexchange.com/users/699921/lawrencec 78. https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services 79. https://www.immuniweb.com/ssl/?id=mzPwBEFm 80. https://i.stack.imgur.com/9b7xE.jpg 81. https://csrc.nist.gov/publications/detail/sp/800-52/rev-2/final 82. https://www.symantec.com/products/ssl-visibility-appliance 83. https://www.symantec.com/blogs/product-insights/removing-blind-spots-ssltls 84. https://www.darkreading.com/endpoint/ready-or-not-transport-layer-security-13-is-coming/a/d-id/1331753? 85. http://www.edgeblue.com/DLP700.asp 86. https://meta.stackexchange.com/a/343389 87. https://meta.stackexchange.com/posts/343389/edit 88. https://meta.stackexchange.com/users/282094/rob 89. https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services 90. https://stackexchange.com/sites#traffic 91. https://meta.stackexchange.com/q/343302#comment1150023_343368 92. https://meta.stackexchange.com/a/343400 93. https://meta.stackexchange.com/posts/343400/edit 94. https://meta.stackexchange.com/users/184688/e-p 95. https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services 96. https://meta.stackexchange.com/a/343368 97. https://meta.stackexchange.com/posts/343368/edit 98. https://meta.stackexchange.com/users/221016/cnst 99. https://meta.stackexchange.com/users/135201/nick-craver 100. https://meta.stackexchange.com/users/221016/cnst 101. https://meta.stackexchange.com/users/135201/nick-craver 102. https://meta.stackexchange.com/users/135201/nick-craver 103. https://meta.stackexchange.com/users/506413/user1751825 104. https://meta.stackexchange.com/users/268944/mark 105. https://meta.stackexchange.com/users/350567/ibug-is-disappointed-in-se 106. https://meta.stackexchange.com/users/221016/cnst 107. https://meta.stackexchange.com/users/506413/user1751825 108. https://meta.stackexchange.com/users/135565/journeyman-geek 109. https://meta.stackexchange.com/users/221016/cnst 110. https://thehackernews.com/2016/02/china-hacker-malware.html 111. https://meta.stackexchange.com/users/350567/ibug-is-disappointed-in-se 112. https://meta.stackexchange.com/users/221016/cnst 113. https://meta.stackexchange.com/users/350567/ibug-is-disappointed-in-se 114. https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services 115. https://meta.stackexchange.com/users/login?ssrc=question_page&returnurl=https://meta.stackexchange.com/questions/343302 116. https://meta.stackexchange.com/questions/tagged/discussion 117. https://meta.stackexchange.com/questions/tagged/featured 118. https://meta.stackexchange.com/questions/tagged/ssl 119. https://meta.stackexchange.com/questions/tagged/announcements 120. https://meta.stackexchange.com/tour?mnu=1 121. https://meta.stackexchange.com/help?mnu=1 122. https://stackoverflow.blog/2020/02/05/the-2020-developer-survey-is-now-open/ 123. https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services 124. https://chat.meta.stackexchange.com/ 125. https://meta.stackexchange.com/questions/2267/are-there-any-clones-alternatives-for-running-a-stack-exchange-style-qa-site 126. https://meta.stackexchange.com/questions/271080/the-mit-license-clarity-on-using-code-on-stack-overflow-and-stack-exchange 127. https://meta.stackexchange.com/questions/277369/a-terms-of-service-update-restricting-companies-that-scrape-your-profile-informa 128. https://meta.stackexchange.com/questions/292058/network-wide-https-its-time 129. https://meta.stackexchange.com/questions/295285/brief-outage-planned-for-wed-may-3-2017-at-8pm-us-eastern-0000-utc-like-a 130. https://meta.stackexchange.com/questions/297816/net-neutrality-and-stack-overflow-stack-exchange 131. https://meta.stackexchange.com/questions/325060/updating-the-hot-network-questions-list-now-with-a-bit-more-network-and-a-litt 132. https://meta.stackexchange.com/questions/333965/firing-mods-and-forced-relicensing-is-stack-exchange-still-interested-in-cooper 133. https://meta.stackexchange.com/questions/334575/dear-stack-exchange-a-statement-and-a-letter-from-your-moderators 134. https://meta.stackexchange.com/questions/336526/stack-overflow-is-doing-me-ongoing-harm-its-time-to-fix-it 135. https://stackexchange.com/questions?tab=hot 136. https://worldbuilding.stackexchange.com/questions/167700/primitive-underwater-melee-combat 137. https://chess.stackexchange.com/questions/28338/doubt-on-how-move-as-black-after-pawn-in-e5 138. https://outdoors.stackexchange.com/questions/24754/how-often-should-i-clean-my-water-bladder-reservoir-while-on-a-thru-hike-extend 139. https://boardgames.stackexchange.com/questions/50230/does-a-non-creature-god-entering-the-battlefield-trigger-pelt-collector 140. https://electronics.stackexchange.com/questions/479780/are-screened-transistors-an-endangered-species 141. https://mathematica.stackexchange.com/questions/214230/how-to-generate-a-random-integer-array-satisfying-complex-constraints 142. https://rpg.stackexchange.com/questions/164294/would-this-hit-miss-houserule-be-balanced-with-bounded-accuracy 143. https://law.stackexchange.com/questions/48788/what-will-happen-if-someone-a-group-cant-be-confirmed-that-they-commited-a-crim 144. https://or.stackexchange.com/questions/3502/bin-packing-variant 145. https://workplace.stackexchange.com/questions/152640/how-to-deal-with-a-promotion-if-you-are-not-sure-you-want-it 146. https://academia.stackexchange.com/questions/143873/can-open-source-software-be-peer-reviewed-and-published 147. https://hsm.stackexchange.com/questions/11434/when-was-the-first-recorded-occurence-of-irrational-and-imaginary-number-usage-i 148. https://physics.stackexchange.com/questions/529076/why-does-my-tea-periodically-alternate-its-rotational-speed-after-stirring-lin 149. https://codereview.stackexchange.com/questions/236822/reviewing-custom-array-list-class-of-java 150. https://aviation.stackexchange.com/questions/74192/what-is-this-large-engine-doing-on-a-b52 151. https://networkengineering.stackexchange.com/questions/64991/how-is-the-term-fabric-defined-in-networking 152. https://history.stackexchange.com/questions/56562/why-in-old-movies-and-tv-series-do-they-always-use-such-extremely-exaggerated 153. https://crypto.stackexchange.com/questions/77445/existential-unforgeability-vs-strong-unforgeability 154. https://puzzling.stackexchange.com/questions/93475/my-prefix-is-a-memory-my-infix-you-may-hate 155. https://electronics.stackexchange.com/questions/479949/we-can-ignore-the-wire-resistance-if-the-current-delivered-by-the-wire-is-low 156. https://softwareengineering.stackexchange.com/questions/404737/how-to-avoid-comments-about-one-line-of-code-for-cleanliness 157. https://codegolf.stackexchange.com/questions/199102/compress-8-bits-to-6-when-certain-bit-patterns-will-never-occur 158. https://christianity.stackexchange.com/questions/75403/what-made-jesus-question-at-mt-2125-a-good-example-for-christians-or-was-it-a-b 159. https://money.stackexchange.com/questions/119997/how-to-quickly-and-inexpensively-deposit-cash 160. https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services 161. https://meta.stackexchange.com/feeds/question/343302 162. https://meta.stackexchange.com/ 163. https://meta.stackexchange.com/tour 164. https://meta.stackexchange.com/help 165. https://chat.meta.stackexchange.com/ 166. https://meta.stackexchange.com/contact 167. https://meta.stackexchange.com/ 168. https://stackoverflow.com/company/about 169. https://stackoverflow.com/ 170. https://stackoverflowbusiness.com/ 171. https://stackoverflow.com/jobs 172. https://stackoverflow.com/company/about 173. https://stackoverflow.com/company/press 174. https://stackoverflow.com/legal 175. https://stackoverflow.com/legal/privacy-policy 176. https://stackexchange.com/ 177. https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services 178. https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services 179. https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services 180. https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services 181. https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services 182. https://stackoverflow.com/ 183. https://serverfault.com/ 184. https://superuser.com/ 185. https://webapps.stackexchange.com/ 186. https://askubuntu.com/ 187. https://webmasters.stackexchange.com/ 188. https://gamedev.stackexchange.com/ 189. https://tex.stackexchange.com/ 190. https://softwareengineering.stackexchange.com/ 191. https://unix.stackexchange.com/ 192. https://apple.stackexchange.com/ 193. https://wordpress.stackexchange.com/ 194. https://gis.stackexchange.com/ 195. https://electronics.stackexchange.com/ 196. https://android.stackexchange.com/ 197. https://security.stackexchange.com/ 198. https://dba.stackexchange.com/ 199. https://drupal.stackexchange.com/ 200. https://sharepoint.stackexchange.com/ 201. https://ux.stackexchange.com/ 202. https://mathematica.stackexchange.com/ 203. https://salesforce.stackexchange.com/ 204. https://expressionengine.stackexchange.com/ 205. https://pt.stackoverflow.com/ 206. https://blender.stackexchange.com/ 207. https://networkengineering.stackexchange.com/ 208. https://crypto.stackexchange.com/ 209. https://codereview.stackexchange.com/ 210. https://magento.stackexchange.com/ 211. https://softwarerecs.stackexchange.com/ 212. https://dsp.stackexchange.com/ 213. https://emacs.stackexchange.com/ 214. https://raspberrypi.stackexchange.com/ 215. https://ru.stackoverflow.com/ 216. https://codegolf.stackexchange.com/ 217. https://es.stackoverflow.com/ 218. https://ethereum.stackexchange.com/ 219. https://datascience.stackexchange.com/ 220. https://arduino.stackexchange.com/ 221. https://bitcoin.stackexchange.com/ 222. https://sqa.stackexchange.com/ 223. https://sound.stackexchange.com/ 224. https://windowsphone.stackexchange.com/ 225. https://stackexchange.com/sites#technology 226. https://photo.stackexchange.com/ 227. https://scifi.stackexchange.com/ 228. https://graphicdesign.stackexchange.com/ 229. https://movies.stackexchange.com/ 230. https://music.stackexchange.com/ 231. https://worldbuilding.stackexchange.com/ 232. https://video.stackexchange.com/ 233. https://cooking.stackexchange.com/ 234. https://diy.stackexchange.com/ 235. https://money.stackexchange.com/ 236. https://academia.stackexchange.com/ 237. https://law.stackexchange.com/ 238. https://fitness.stackexchange.com/ 239. https://gardening.stackexchange.com/ 240. https://parenting.stackexchange.com/ 241. https://stackexchange.com/sites#lifearts 242. https://english.stackexchange.com/ 243. https://skeptics.stackexchange.com/ 244. https://judaism.stackexchange.com/ 245. https://travel.stackexchange.com/ 246. https://christianity.stackexchange.com/ 247. https://ell.stackexchange.com/ 248. https://japanese.stackexchange.com/ 249. https://chinese.stackexchange.com/ 250. https://french.stackexchange.com/ 251. https://german.stackexchange.com/ 252. https://hermeneutics.stackexchange.com/ 253. https://history.stackexchange.com/ 254. https://spanish.stackexchange.com/ 255. https://islam.stackexchange.com/ 256. https://rus.stackexchange.com/ 257. https://russian.stackexchange.com/ 258. https://gaming.stackexchange.com/ 259. https://bicycles.stackexchange.com/ 260. https://rpg.stackexchange.com/ 261. https://anime.stackexchange.com/ 262. https://puzzling.stackexchange.com/ 263. https://mechanics.stackexchange.com/ 264. https://boardgames.stackexchange.com/ 265. https://bricks.stackexchange.com/ 266. https://homebrew.stackexchange.com/ 267. https://martialarts.stackexchange.com/ 268. https://outdoors.stackexchange.com/ 269. https://poker.stackexchange.com/ 270. https://chess.stackexchange.com/ 271. https://sports.stackexchange.com/ 272. https://stackexchange.com/sites#culturerecreation 273. https://mathoverflow.net/ 274. https://math.stackexchange.com/ 275. https://stats.stackexchange.com/ 276. https://cstheory.stackexchange.com/ 277. https://physics.stackexchange.com/ 278. https://chemistry.stackexchange.com/ 279. https://biology.stackexchange.com/ 280. https://cs.stackexchange.com/ 281. https://philosophy.stackexchange.com/ 282. https://linguistics.stackexchange.com/ 283. https://psychology.stackexchange.com/ 284. https://scicomp.stackexchange.com/ 285. https://stackexchange.com/sites#science 286. https://meta.stackexchange.com/ 287. https://stackapps.com/ 288. https://api.stackexchange.com/ 289. https://data.stackexchange.com/ 290. https://stackoverflow.blog/?blb=1 291. https://www.facebook.com/officialstackoverflow/ 292. https://twitter.com/stackoverflow 293. https://linkedin.com/company/stack-overflow 294. https://creativecommons.org/licenses/by-sa/4.0/ 295. https://stackoverflow.blog/2009/06/25/attribution-required/ Hidden links: 297. https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services 298. https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services 299. https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services 300. https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services 301. https://stackexchange.com/ 302. https://stackexchange.com/ 303. https://meta.stackexchange.com/ 304. https://meta.stackexchange.com/posts/343302/timeline 305. https://meta.stackexchange.com/users/135201/nick-craver 306. https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services 307. https://meta.stackexchange.com/posts/343321/timeline 308. https://meta.stackexchange.com/users/350567/ibug-is-disappointed-in-se 309. https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services 310. https://meta.stackexchange.com/posts/343341/timeline 311. https://meta.stackexchange.com/users/243091/federico-poloni 312. https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services 313. https://meta.stackexchange.com/posts/343389/timeline 314. https://meta.stackexchange.com/users/282094/rob 315. https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services 316. https://meta.stackexchange.com/posts/343400/timeline 317. https://meta.stackexchange.com/users/184688/e-p 318. https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services 319. https://meta.stackexchange.com/posts/343368/timeline 320. https://meta.stackexchange.com/users/221016/cnst 321. https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services 322. https://stackoverflow.blog/2020/02/05/the-2020-developer-survey-is-now-open/ 323. https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services 324. https://meta.stackexchange.com/q/2267 325. https://meta.stackexchange.com/q/271080 326. https://meta.stackexchange.com/q/277369 327. https://meta.stackexchange.com/q/292058 328. https://meta.stackexchange.com/q/295285 329. https://meta.stackexchange.com/q/297816 330. https://meta.stackexchange.com/q/325060 331. https://meta.stackexchange.com/q/333965 332. https://meta.stackexchange.com/q/334575 333. https://meta.stackexchange.com/q/336526 334. https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services 335. https://meta.stackexchange.com/questions/343302/tls-1-0-and-tls-1-1-removal-for-stack-exchange-services