Jakob Bohm wrote:
> I believe this is an unfortunate reading of the RFCs. Fundamentally, the SSL3/TLS protocols do not tie the availability of a cipher suite to the version of the protocol document which was current when it was introduced. The fact that the most common cipher suites are defined in the same documents as the protocols themselves really should not be treated as more important than the fact that there is a single IANA registry for these values.

This is exactly my understanding as well.

> So I believe the better implementation strategy would be to offer any implemented cipher suite value which is not fundamentally incompatible with the SSL/TLS version, rather than holding back improved algorithms until unrelated aspects of new TLS versions are implemented.

+1 from me.

Darryl