On Thursday 23 July 2015 11:43:45 Dave Garrett wrote:
> On Thursday, July 23, 2015 07:09:49 am Hubert Kario wrote:
> > vast swaths of web servers are misconfigured; introducing a more complex
> > mechanism to server configuration when the existing situation is
> > incomprehensible to many administr

; To: tls@ietf.org
> Subject: Re: [TLS] ban more old crap (was: A la carte concerns from IETF 93)
>
> On Thu, Jul 23, 2015 at 11:43:45AM -0400, Dave Garrett wrote:
>
>> Right now, the restrictions section prohibits:
>> RC4, SSL2/3, & EXPORT/NULL entirely (via min

On Thursday, July 23, 2015 12:00:34 pm Viktor Dukhovni wrote:
> On Thu, Jul 23, 2015 at 11:43:45AM -0400, Dave Garrett wrote:
> > Plus, "MUST" use DHE or ECDHE for ALL connections, even back to TLS 1.0,
> > or abort with a fatal error.
>
> Who's going to police the Internet to remove all the legac

On Thu, Jul 23, 2015 at 11:43:45AM -0400, Dave Garrett wrote:
> Right now, the restrictions section prohibits:
> RC4, SSL2/3, & EXPORT/NULL entirely (via min bits)
> and has "SHOULD" use TLS 1.3+ compatible with TLS 1.2, if available
So much for using NULL ciphers for client-server authentication