
Website - Remove deprecated TLS versions

Summary

The webserver running e.foundation still supports deprecated TLS versions 1.0 and 1.1. These versions are considered insecure and therefore should be removed. Apache should be updated to solely support TLS 1.2 and 1.3.

All major browsers planned to remove old TLS versions in March this year. This has been postponed due to the corona crisis.
https://hacks.mozilla.org/2020/02/its-the-boot-for-tls-1-0-and-tls-1-1/
https://www.chromestatus.com/feature/5759116003770368

It makes sense to update the server configuration to follow this development.

This improvement concerns

  • UI
  • Behavior
  • Privacy
  • Security

Description

**What is the current behavior?**
Apache still allows connections using TLS 1.0 and 1.1.

**What is the improved behavior?**
Apache should only allow connections using TLS 1.2 and 1.3 with appropriate cipher suites.

Refer to https://ssl-config.mozilla.org/#server=apache&version=2.4.29&config=intermediate&openssl=1.1.1d for a possible Apache configuration which ensures a high level of compatibility while also being secure.

**What does it bring?**
Improve overall security for visitors.

Edited by exyna
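
An added example, not part of the original issue or the project's own configuration: a Python sketch that audits Apache `SSLProtocol` directives and reports any that still enable a protocol version below TLS 1.2. The sample config, hostnames and function names are constructed; the left-to-right token evaluation (including a bare name replacing earlier tokens, and `all` including SSLv3) is this sketch's model of mod_ssl and is an assumption.

```python
import re

# Assumption: "all" expands to every version below; real builds may omit some.
ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
BELOW_TLS12 = {"SSLv3", "TLSv1", "TLSv1.1"}

def enabled_protocols(args):
    """Evaluate one SSLProtocol argument list left to right."""
    enabled = set()
    for token in args.split():
        action, name = (token[0], token[1:]) if token[0] in "+-" else ("", token)
        canon = next((p for p in ALL if p.lower() == name.lower()), None)
        if name.lower() == "all":
            selected = set(ALL)
        elif canon:
            selected = {canon}
        else:
            raise ValueError(f"unknown protocol token {token!r}")
        if action == "-":
            enabled -= selected
        elif action == "+":
            enabled |= selected
        else:
            enabled = selected  # bare name: replaces everything set so far
    return enabled

def audit(config_text):
    """Return (line_no, enabled, weak) for each SSLProtocol directive."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        m = re.match(r"\s*SSLProtocol\s+(.+?)\s*$", line, re.IGNORECASE)
        if m:  # commented-out directives start with '#' and do not match
            enabled = enabled_protocols(m.group(1))
            findings.append((no, sorted(enabled), sorted(enabled & BELOW_TLS12)))
    return findings

# Constructed sample: one vhost with the weak setting, one with the fix.
SAMPLE = """\
<VirtualHost *:443>
    ServerName legacy.example
    SSLProtocol all -SSLv3
</VirtualHost>
<VirtualHost *:443>
    ServerName hardened.example
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
</VirtualHost>
"""

if __name__ == "__main__":
    for no, enabled, weak in audit(SAMPLE):
        print(f"line {no}: enabled={enabled} weak={weak or 'none'}")
```

A static check like this only covers the configuration file; confirming what the running server actually negotiates still requires testing it from a client.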