On 2/2/19 4:10 PM, Eric S. Raymond via devel wrote:
> Gary E. Miller via devel <devel@ntpsec.org>:
>> As previously discussed here. A min options was tried by others in the
>> past, and failed. When SSL 2 gave way to TLS 1, the min broke.
>
> Well, of *course* any minssl option stopped being useful when there was a
> major interoperability break! That's an out-of-context change. It could not
> have been otherwise.

To be fair, the previous standard approach of taking a list of versions did work across this change. While we're at the end of it, it's only been very recently (like the last year) where turning off SSLv3 became a hard requirement in certain standards.

To be clear, I agree that a minimum version is fine moving forward. But so is a list of versions, too. Pick one and call it a day.

-- 
Richard