Re: [TLS] Mail regarding draft-ietf-tls-tls13

2018-06-19 Thread Hubert Kario
On Monday, 18 June 2018 21:10:05 CEST Ben Personick wrote:
> I can only support ecdsa_rsa unless I have an ECC certificate to support
> ecsda_ecsde ciphers.

that is software limitation, not protocol limitation

> Since TLS 1.3 will continue to allow ecdsa_rsa ciphers, there will be no
> push

Re: [TLS] Mail regarding draft-ietf-tls-tls13

2018-06-19 Thread Salz, Rich
> Since TLS 1.3 will continue to allow ecdsa_rsa ciphers, there will be no
> push to move towards offering them, because of various 'reasons'.

I think you mean ECDH with RSA. But yes, that’s a common situation, few organizations pay to add security until they’re “forced” to do so. You’re not

Re: [TLS] Mail regarding draft-ietf-tls-tls13

2018-06-19 Thread Ben Personick
Hi Rich,

Yes, I meant ECDHE_ECDSA and ECDHE_RSA are both supported in TLS 1.3, I’d been led to believe that all RSA based ciphers were not supported.

Having seen some further responses, it appears it is only the NON ECDHE RSA Based ciphers which are having support dropped in TLS 1.3 Ie al

Re: [TLS] Mail regarding draft-ietf-tls-tls13

2018-06-19 Thread Viktor Dukhovni
> On Jun 19, 2018, at 11:17 AM, Ben Personick wrote:
>
> Yes, I meant ECDHE_ECDSA and ECDHE_RSA are both supported in TLS 1.3, I’d
> been led to believe that all RSA based ciphers were not supported.
>
> Having seen some further responses, it appears it is only the NON ECDHE RSA
> Ba

Re: [TLS] Mail regarding draft-ietf-tls-tls13

2018-06-19 Thread Martin Rex
Ben Personick wrote:
>
> (My apology for the long email, I did not have time to write a shorter one)
> We are currently evaluating when to begin offering ECC Certificates
> based crypto on our websites.
>
> Despite the advantages to doing this in TLS 1.2, there is a lot of
> push-back to wait un