Website has gained TLS 1.3 (draft 28)! Tracker will be dropping TLSv1 and TLSv1.1 support 2018-11-01



We've enabled TLS version 1.3 (draft 28) on the site at this time. Right now, primarily only Firefox users will notice, as most implementations used by browsers aren't on draft 28 yet. We'll update it to the release as soon as IETF publishes and openssl finishes any final tweaks. There should be no real noticable impact to users, though it increases security, and does have faster resumption times.



On the other side, we will be dropping TLS1 and TLSv1.1 support from the tracker as of 2018-11-01. Very few clients use these outdated versions, and they are no longer considered secure. TLSv1.2 was released August 2008, so primarily only very old client versions that don't use the OSes security, or clients that use the OS libraries on old OSes that should be updated will be affected. Last count it was below 350 clients using the old TLS 1 and 1.1 at this point. You can either update your client/OS, change clients, or stop using the secure (https) tracker, to the unencrypted http tracker (though we recommend everyone use the https tracker). We have also enabled a red nag message for all users with these outdated clients, so they'll know. If you need help with this changeover, please Contact Staff



Update




From our testing, it appears µTorrent mac (not windows) is completely unable to support anything beyond TLSv1. Not supporting TLSv1.1 (April 2006) or TLSv1.2 (August 2008) shows just how little they put into anything "security". As such you'll have to either switch to another mac client, or edit tracker URLs to be HTTP instead (and change your preferences as such). The latter option does vastly decrease the security of your site usage, as now your ISP can see all of your tracker calls in plain text.