AnsweredAssumed Answered

TLS 1.3 version intolerant servers should get lower grades

Question asked by Dave Garrett on Dec 18, 2014
Latest reply on Dec 21, 2014 by j-mailor

The "TLS version intolerance" line in the test results treats TLS 1.3 intolerance as a side-note. (just shows it in grey) Only 1.2 and under are listed as warnings. Please update this to warn for TLS 1.3 intolerance and apply a grade cap of 'B' for TLS 1.3 intolerant servers. Non-secure fallback is largely going away and TLS 1.3 will (hopefully) be ready sometime next year. The test should alert people that this will be a big problem in the near future.


In general, all TLS 1.x intolerance should be stated more prominently in the test results.


Also, TLS 1.2/1.1 intolerance should probably be an autofail instead of a warning, at this point.