On 25 July 2015 at 16:13, Eric Rescorla <e...@rtfm.com> wrote: > The only question is whether it's legal to concurrently offer RC4 with TLS > 1.3 > for purposes of using RC4 with TLS 1.2 (just as you can offer AES-CBC > even though TLS 1.3 does not support it.) I am trying to work through this > myself, as the interactions with browser fallback are very complex.
And the strategies vary. It might be that we don't need to worry about this, because we might have widely disabled RC4 by the time TLS 1.3 ships. https://ipv.sx/telemetry/rc4.html _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
