[dns-privacy] Re: Mail regarding rfc9539

2024-12-15 Thread Rob Sayre
Hi, pardon the topquote. I think you can find the answers you're looking for here: https://www.rfc-editor.org/rfc/rfc9325. I believe this consensus is generally that TLS 1.3 is easier to configure securely, but you can still get good security properties out of TLS 1.2 if configured correctly (and

[dns-privacy] Mail regarding rfc9539

2024-12-15 Thread Luca vom Bruch
Hello, I am new to this. I hope I may ask this question regarding TLS-encrypted communication between nameservers, for proposed RFC 9539. Will the ciphers be specified? In practical terms I currently enabled this for DoT on port 853 in BIND9.18: protocols { TLSv1.2; TLSv1.3; };