[Servercert-wg] List of Websites Relying on TLS 1.0 / 1.1

Wayne Thayer wthayer at mozilla.com
Mon Jul 1 08:54:12 MST 2019


Last year, Mozilla [1], Google [2], Microsoft [3], and Apple [4] all
announced that our browsers will stop supporting TLS 1.0 and 1.1 in March
2020. During the Mozilla browser update at the last two F2F meetings, I
have asked CAs to help get the word out to their customers about this
change. CAs have direct relationships with the organizations that operate
affected websites, and this provides a great opportunity for CAs to engage
with their customers and help to improve web security.

At the last meeting, I was asked if Mozilla could facilitate this outreach
by providing a list of websites that do not support TLS 1.2 or higher
grouped by the CA that issued the website's TLS certificate. This
information - for websites on the Tranco top 1 million list [5] - is
located at:

https://docs.google.com/spreadsheets/d/1iSEEfc5AuYwT5elAEvkZdLSbwBeJ_SR-0El6s08zNs8/edit#gid=2044764669

Please be aware that this information was collected 1-2 months ago, so I
recommend that you confirm that the site is still on the following list of
affected site, which is updated weekly:

http://tlscanary-plot-8e95d89854d73f4d.elb.us-west-2.amazonaws.com/tlsdeprecation-carnage.txt

Please let me know if you have any questions, and thanks in advance for
everyone's help with this!

- Wayne

[1]
https://blog.mozilla.org/security/2018/10/15/removing-old-versions-of-tls/
[2]
https://security.googleblog.com/2018/10/modernizing-transport-security.html
[3]
https://blogs.windows.com/msedgedev/2018/10/15/modernizing-tls-edge-ie11/
[4]
https://webkit.org/blog/8462/deprecation-of-legacy-tls-1-0-and-1-1-versions/
[5] https://tranco-list.eu/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190701/94609518/attachment.html>


More information about the Servercert-wg mailing list