TLS 1.1 and 1.2

[Old Forum guest] anonymous
Created: 4 years and 4 months ago
Can we get support for TLS 1.1 and 1.2 for users, whose browsers support them?

This forum has been archived

Thank you all for the many comments, questions and suggestions. Particular thanks go to user x.15a2 for constantly monitoring, replying and helping so many users here. To continue these discussions, please head over to the DuckDuckGo subreddit.


anonymous
DITTO.
posted by [Old Forum guest] • 4 years and 4 months ago Link
anonymous
I wanted to open a thread with the same request. :)
+1
posted by [Old Forum guest] • 4 years and 4 months ago Link
anonymous
Btw, I was also looking at TLS on Wikipedia and I noted that now RC4 cryptography is not secure anymore (very recent news, in july):
https://en.wikipedia.org/wiki/Transport_Layer_Security#Cipher
posted by [Old Forum guest] • 4 years and 4 months ago Link
anonymous
Very good request indeed. I didn't know that TLS1.0 is now insecure and that DDG doesn't support TLS1.2 
posted by [Old Forum daiquiri] • 4 years and 4 months ago Link
anonymous
That's a great idea!

I will forward this to those responsible for implementing it.


Casper Qvortrup
Forum Moderator
posted by [Old Forum screapdk] • 4 years and 4 months ago Link
anonymous
Again, adding my support for TLS 1.2 support ASAP.

Please make the default cipher either AES or Camellia (please stop using RC4 - it is old and insecure), and the default key exchange mechanism as ECDHE-RSA instead of the RSA used on dukgo (although ECDHE-RSA is used on the main search website).
posted by [Old Forum guest] • 4 years and 4 months ago Link
crazedpsyc
There are a few things to do before enabling TLS 1.1-2, but we are working on it. RC4 cannot be disabled in the near future because it's still the best thing supported by even recent versions of IE. As important as security is, we cannot completely drop compatibility like that. RC4 will just be low priority, so anything supporting better methods will use them. Noted on dukgo.com, too -- will work with that.
posted by crazedpsyc 4 years and 4 months ago Link
anonymous
Hi bizarre,

Ah - yes, you are right about compatibility. Is there a way for the server to suggest the stronger algorithms before falling back on RC4?
posted by [Old Forum guest] • 4 years and 4 months ago Link
crazedpsyc
Yup, that's the idea.
posted by crazedpsyc 4 years and 4 months ago Link
anonymous
DDG should at least give allow TLS 1.1 and 1.2. The new Firefox release (Firefox 24) supports TLS 1.2 (though it is not enabled by default). DDG should have it set so that the highest allowed TLS version in the users browser is used.
posted by [Old Forum guest] • 4 years and 4 months ago Link
anonymous
Bump!
What's the status of this feature? Looking forward to have insecure protocols disabled!
posted by [Old Forum daiquiri] • 4 years and 3 months ago Link
crazedpsyc
posted by crazedpsyc 4 years and 3 months ago Link
anonymous
Thank you for fast reply.
Shouldn't my chrome 29.0.1547.65 be using TLS 1.2 then?
Screenshots for chrome/29 and IE10:




posted by [Old Forum daiquiri] • 4 years and 3 months ago Link
anonymous
Yes but if it does, why isn't ANY browser using it unless forced (by disabling tls 1.0/1.1/ssl3.0)?

posted by [Old Forum daiquiri] • 4 years and 3 months ago Link
anonymous
SSL Labs says DDG only supports TLS 1.0 for Firefox 22.0. Does DDG support TLS 1.2 for Firefox 24? If not, Firefox 24 supports TLS 1.2, so that should be changed immediately.
posted by [Old Forum guest] • 4 years and 3 months ago Link
anonymous
This website says DDG does not support TLS 1.1 or TLS 1.2: https://sslanalyzer.comodoca.com/?url=https%3A%2F%2Fduckduckgo.com%2F
posted by [Old Forum guest] • 4 years and 3 months ago Link
yegg
We are rolling it out in our next server upgrades.
posted by yegg Staff4 years and 3 months ago Link
anonymous
15 days after, what's the status of this request? Still TLS 1.0 here...
posted by [Old Forum daiquiri] • 4 years and 3 months ago Link