On Tuesday, September 22, 2015 02:16:47 pm Julien ÉLIE wrote:
> Regarding vulnerable protocols, clients (and/or servers) could very well
> disable compression in TLS. And either never use compression or
> implement their own compression, according to their needs.
> It is what happened with BEAST: Firefox and Chrome disabled TLS
> compression.

No sane security protocol should allow any mode which is known to be insecure under its common use-case. TLS 1.2 is technically configurable in a secure manner, but hardly anyone does so correctly. With TLS 1.3, we need to get rid of all of the insecure modes so all configurations are secure (at least to start).

Dave

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls