On Friday, July 24, 2015 06:43:17 am Hubert Kario wrote:
> And I completely agree. FREAK and Logjam wouldn't happen at all if we didn't
> drag with us stuff that was considered legacy 10 years ago.
>
> But stuff like "server MUST abort handshake if it sees export grade ciphers
> in Client Hello" (or anything similar) will just get ignored. For a user a bad
> connection is better than no connection. One works and the other doesn't, the
> details are voodoo witchcraft.

To be clear, the wording I have in the PR is not this broad. It only requires aborting if export ciphers were offered by a TLS 1.3+ client, not just any client. The point is to ensure that all TLS 1.3 implementations cut this out and don't regress due to error or exploit. Applying it to everything would, unfortunately, be a mess. In particular, search engine spiders actually have a legitimate reason to have export ciphers actually still enabled.

Dave
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
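
The narrower check described in the reply above, as an added example (not code from the thread or from the PR it mentions): a server-side test that aborts only when a ClientHello both offers TLS 1.3 or later and lists an export suite, and leaves older clients alone. The function names are hypothetical, the sample hellos are constructed, and it is an assumption that "TLS 1.3+ client" is detected from either the `client_version` field or the `supported_versions` extension.

```python
import struct

# IANA code points of the 40-bit EXPORT suites (RFC 2246, RFC 2712).
EXPORT_SUITES = {0x0003, 0x0006, 0x0008, 0x000B, 0x000E, 0x0011, 0x0014, 0x0017,
                 0x0019, 0x0026, 0x0027, 0x0028, 0x0029, 0x002A, 0x002B}
TLS13 = 0x0304
SUPPORTED_VERSIONS = 43  # extension type, RFC 8446


def parse_client_hello(body):
    """Return (offered versions, offered cipher suites) from a ClientHello body."""
    versions = {struct.unpack_from("!H", body, 0)[0]}  # client_version field
    pos = 2 + 32                                       # skip version + random
    pos += 1 + body[pos]                               # skip session_id
    n = struct.unpack_from("!H", body, pos)[0]
    suites = struct.unpack_from("!%dH" % (n // 2), body, pos + 2)
    pos += 2 + n
    pos += 1 + body[pos]                               # skip compression_methods
    if pos + 2 <= len(body):                           # extensions are optional
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", body, pos)
            if etype == SUPPORTED_VERSIONS and elen >= 3:
                count = body[pos + 4] // 2
                versions.update(struct.unpack_from("!%dH" % count, body, pos + 5))
            pos += 4 + elen
    return versions, suites


def must_abort(body):
    """True only when a TLS 1.3+ client also offered an export suite."""
    versions, suites = parse_client_hello(body)
    # Major byte 0x03 filters out GREASE values (RFC 8701) such as 0x7A7A.
    is_tls13 = any(v >> 8 == 3 and v >= TLS13 for v in versions)
    return is_tls13 and any(s in EXPORT_SUITES for s in suites)


def build_hello(client_version, suites, supported_versions=()):
    """Build a constructed sample ClientHello body (not captured traffic)."""
    cs = struct.pack("!%dH" % len(suites), *suites)
    ext = b""
    if supported_versions:
        sv = struct.pack("!%dH" % len(supported_versions), *supported_versions)
        ext = struct.pack("!HHB", SUPPORTED_VERSIONS, len(sv) + 1, len(sv)) + sv
        ext = struct.pack("!H", len(ext)) + ext
    return (struct.pack("!H", client_version) + bytes(32) + b"\x00"
            + struct.pack("!H", len(cs)) + cs + b"\x01\x00" + ext)
```

The input is the ClientHello body without the 4-byte handshake header; a truncated body raises `struct.error` or `IndexError`, which a caller would treat as a decode failure.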