On Sat, Jul 25, 2015 at 06:54:36AM +0000, Salz, Rich wrote:
> > What we've cannot yet turn off is RC4.
>
> Then do not use TLS 1.3
Actually, we can use TLS 1.3, just not with peers that only do RC4.
Provided the 1.3 servers don't do anything actively hostile and
terminate the handshake when they see RC4-SHA1 offered among other
more acceptable ciphersuites.
I was definitely not arguing for inclusion of RC4 in TLS 1.3. I
am more than happy with AEAD-only in TLS 1.3, with no RC4.
When an opportunistic TLS client that supports TLS 1.0--1.3, and
includes RC4 in its list of ciphersuites, connects to a 1.3 server
RC4 will not be the negotiated ciphersuite when the server decides
to use 1.3.
I was just noting for the record, that even with opportunistic TLS
we've already made some progress in getting rid of "old crap", but
not yet all.
--
Viktor.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
