Yo Eric! On Sat, 2 Feb 2019 07:14:23 -0500 "Eric S. Raymond via devel" <devel@ntpsec.org> wrote:
> > We need to setup a mechanism to review the defaults occasionally.
> > Maybe with each release. Maybe on Mark's birthday. The idea is to
> > track progress in the crypto community. If the default today is to
> > allow TLS 1.2, sometime we should bump the min up to 1.3. Yes,
> > that means breaking backwards compatibility. Lots of warning...
>
> I think it's easier than that.
>
> We have a min option.
As previously discussed her. A min options was tried by others in the
past, and failed. When SSL 2 gave way to TLS 1, the min broke.
Let's not repeat the obvious failures of the past.
> Otherwise we just link the default TLS library when we build. Let the
> normal upgrade cycle do the work.
Link? A build time contraint? Makes updating OpenSSL a PITA.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
pgptvykWL6TNy.pgp
Description: OpenPGP digital signature
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
