I think the OP and I are in the same boat, wondering how best to hang on to 12.17 for email as long as possible and when to let it go. We need a guru.

Did you not make an https connection using TLS in order to make that post?

Its not that I don't go to places that use TLS and HTTPS, its that I don't use just TLS and HTTPS to do things that I have security concerns with. If someone compromises the Opera forums and my account the worst case is they get my throwaway email address I used to register with and can make bogus posts in my name. Since I use very strong passwords* and don't reuse passwords between accounts that gets them nothing. Thats not a security concern because I am not risking anything. You wont see me putting out my SSN or CC/bank account info without some extra level of security though.

Its like using a cheap padlock vs a 800 lbs safe embedded in the concrete of my basement. The padlock is fine for keeping people out of my backyard shed. I'd definitely want my hundreds of millions of dollars in something more secure though.

What do you use instead?

Things other than the internet, generally. Its harder for a hacker to perform a man-in-the-middle attack when I've mailed my credit card bill payment via USPS Its even harder if I setup an automatic bill payment. In either case its out of my hands and someone else's problem. But, as I said above, if you're really concerned with security making sure your browser is up to date goes a long way to improving your security.

*My Opera account password is 350 bits. Just want to give a shout out to the team that maintains this site for allowing very long passwords. Good job.

I still try to avoid using TLS because of its known issues.

Did you not make an https connection using TLS in order to make that post? And how do you avoid TLS while using Opera? I see a flag to set the minimum TLS but nothing about maximum or about disabling TLS.

Unless there is an alternative it sounds like a strategy to use no security in order to avoid flawed security. That or give up a large part of my online activity as more and more sites use https. Maybe I am missing something here.

I still try to avoid using TLS because of its known issues.

What do you use instead?

You shouldn't use TLS at all, its not secure.

Opera 30 uses TLS.

Nope, its not safe. TLS 1.1 and 1.2 are flawed and you shouldn't use them.

What should we use? TLS 1.1 and 1.2 are the latest.

Your client supports cipher suites that are known to
be insecure:
TLS_RSA_WITH_RC4_128_MD5: This cipher use RC4 which has insecure biases in its output.
TLS_RSA_WITH_RC4_128_SHA: This cipher use RC4 which has insecure biases in its output.

• Go to Settings - Preferences - Advanced tab - Security.
• Click the "Security protocols" button.
• Click the "Details" button.
• Look under the "Cipher" column, and uncheck :

128 bit ARC4 (RSA/MD5) and 128 bit ARC4 (RSA/SHA)

This will improve your results on howsmyssl.com.