InCommon Baseline TLS 1.2
Brent Goebel
Brent.Goebel at du.edu
Wed Jun 30 20:11:44 UTC 2021
Hello all,
I’m following the InCommon Baseline Expectations 2 that is required for our IdPs. I see that one of the requirements is related to encryption. Link here: https://spaces.at.internet2.edu/display/federation/be2-guide-encrypt-endpoints
When I run the SSL Labs Server Test on our IdP domain I get a score of a B. They require a score of an A or higher. I am getting a B because we support TLS 1.1. It seems like in order to get a higher score I need to not support TLS 1.0 and 1.1 and start supporting TLS 1.2.
Looking through the Shibboleth user group I saw one conversation where some participants did not agree with InCommon on this requirement (attached). That was back in March 2021 so I wanted to start a new conversation on this.
What are your thoughts or plans with this? I wanted to reach out and see what everyone is doing with regard to this. Are you all moving to TLS 1.2 to score an ‘A’? Or are you just staying at a score of a ‘B’ for this and moving on? Any concerns you have with moving an IdP from TLS 1.0/1.1 to TLS 1.2?
InCommon wants this all done by mid-July so I’m thinking some of you already started this.
Thanks,
Brent
Brent Goebel
Systems Engineer III
Information Technology ‖ University of Denver
2100 South High Street ‖ Denver CO 80210
brent.goebel at du.edu