I agree that there is the absolute need for advocacy. I agree that we need to get rid of old TLS. But I disagree that it’s up to the OSes to make this a compile time issue.

If Debian comes out in 2019 in a state where 30% of the internet can’t talk to it without recompiling the daemon packages, then people will switch to „more compatible“ distros.

I have the infrastructure to quickly deploy patched packages, so for me this is just an annoyance (also because these self-built packages I have to security-patch myself, which is actually putting me at risk), but others don’t. For them this will be a reason to switch distros

thing is chrome and firefox are almost certainly going to disable it well before then, and thats gonna make a shitload of people enable it, not everyone granted, but its going to be a lot lower than 30%

The internet doesn't just consist of Firefox and Chrome. There's mail servers, mail clients, FTP clients, etc.

And Firefox and Chrome can be behind middleboxes and/or personal firewalls that only talk TLS 1.1 on the public-facing side.

And finally, there's a lot of android devices running Android < 5 which all don't support TLS 1.2 and never will.

(Edit: this reply is a reply to a your comment before your edit that stated I was at risk because of non-mitigatable issues in 1.1)

My 1.1 supporting customers are at risk. I'm not at risk.

If they take the (unwise) decision that the risk of their connections being eavesdropped is less significant that the amount of work it takes to update their internal network, than its their decision. I am absolutely not in the position to do advocacy there.

And neither are other companies who have to serve enterprise customers.

„But allowing 1.1 will allow attackers to force secure 1.2 supporting clients to downgrade“ you might say. To which I reply: why are they still supporting 1.1? If they are security conscious enough to update their infrastructure to support 1.2, they can disable anything else when talking to me.

The solution seems straight forward.

Okay with being eavesdropped? Do it unencrypted.

Not okay with being eavesdropped? Use not broken cryptography.

Company regulations require all communication to be encrypted, but they don't specify the protocol to use, so TLS 1.1 is fine but no TLS is banned.

I'm not making this up.

Actually PCI DSS does.

Funny enough, it tried to deprecate old TLS versions already but it was so widely used that they had to move back the date.

https://blog.pcisecuritystandards.org/migrating-from-ssl-and...

https://support.cloudflare.com/hc/en-us/articles/205043158-P...

Then the regulations need to have a mechanism to be updated in the case of new knowledge. If the regulations have no process to be updated then that is a more fundamental problem to solve.

After all, Debian is set to give the process of change 2 years. That is plenty of time for updating the regulation and processes.

> 2 years

Also, you can stay on oldstable for a while if you absolutely cannot upgrade.

Any joker can start a company and declare any regulation they like. I could require that all software be written in COBOL by moustachioed developers standing on one foot.

If I did that, I think Debian would not change their software to meet my bizarre "company regulations"