You're right. Thanks for pointing that out. Adoption takes time.
https://luxsci.com/blog/ssl-versus-tls- ... rence.html
What about TLS v1.3?
TLS v1.3 is the latest and greatest version of TLS. It became an Internet standard on March 25th, 2018. According to NIST, organizations should make plans to support TLS v1.3 by January 1st, 2020 or sooner.
That doesn't mean it can't be added right now. Enabling TLSv1.2 with TLSv1.3 works great using ciphers that are compatible for just those two standards. I have nothing but "A+" analysis reviews on both https://securityheaders.com/ and https://www.ssllabs.com/ssltest/ for my site. It is also fully compatible with almost everything out there, with the exception being "Chrome 49 / XP SP3". For now though, using TLS 1.2 is still absolutely necessary until PHP adopts TLS 1.3. Running TLS 1.3 by itself without TLS 1.2 doesn't work at the moment.
I'm using this on my website (nginx.org setup) with no issues:
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 30m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES+SHA384:EECDH+AES+SHA256;
ssl_prefer_server_ciphers on;
To break it down:

TLSv1.3:
- TLS13-AES-128-GCM-SHA256
- TLS13-AES-256-GCM-SHA384
- TLS13-CHACHA20-POLY1305-SHA256

TLSv1.2:
- EECDH+CHACHA20
- EECDH+AESGCM
- EECDH+AES+SHA384
- EECDH+AES+SHA256
Source:
https://www.unrealircd.org/docs/SSL_Cip ... _protocols
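
An added example, not part of the original post: a short Python audit that reads the `ssl_protocols` and `ssl_ciphers` lines from the configuration above and reports which suites each `ssl_ciphers` entry selects in the OpenSSL build linked into the local Python. The function names are hypothetical, and the output depends on that local OpenSSL build, which may differ from the one nginx uses.

```python
import re
import ssl

# The two directives from the post above, embedded so the audit runs offline.
NGINX_SNIPPET = """
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES+SHA384:EECDH+AES+SHA256;
"""

MODERN = ("TLSv1.2", "TLSv1.3")


def directive(conf, name):
    """Return the arguments of a single-line nginx directive, or []."""
    m = re.search(r"^\s*%s\s+([^;]+);" % re.escape(name), conf, re.MULTILINE)
    return m.group(1).split() if m else []


def expand(cipher_string):
    """Suites below TLS 1.3 that the local OpenSSL selects for cipher_string.

    Returns [] when nothing matches. TLS 1.3 suites are filtered out because
    Python's set_ciphers() cannot enable or disable them.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return []
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def audit(conf):
    """Summarise protocols and map each ssl_ciphers entry to its suites."""
    protocols = directive(conf, "ssl_protocols")
    cipher_arg = directive(conf, "ssl_ciphers")
    entries = cipher_arg[0].split(":") if cipher_arg else []
    return {
        "protocols": protocols,
        "legacy_protocols": [p for p in protocols if p not in MODERN],
        "ciphers": {entry: expand(entry) for entry in entries},
    }


if __name__ == "__main__":
    report = audit(NGINX_SNIPPET)
    print("protocols:", report["protocols"], "legacy:", report["legacy_protocols"])
    for entry, suites in report["ciphers"].items():
        print(f"{entry:32} -> {', '.join(suites) or '(no match on this OpenSSL)'}")
```

An entry that prints "(no match on this OpenSSL)" contributes nothing to the negotiated suite list on that build, so it is worth checking against the cipher names the server's own OpenSSL version documents.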