> Most applications want a simple API that hides all the complexities of TLS. > If OpenSSL had done that, then it would be easy to see how enabling 1.2 won't > cause problems for those apps which said "you take care of it".
As someone with a long history of building, influencing, and using libraries and their API's, this is not easy. Would you disable 0RTT because the earlydata might be replayed? That would be the secure thing to do, so you make applications that want to use new features do extra work, ok. Would you disable AES-GCM because it's new, and perhaps it's an ARM-based application so the CPU cost is expensive? That's the insecure thing to do, isn't it? Who makes that trade-off? SCSV? SSLv2? Trust anchors? I still want a pony. -- Senior Architect, Akamai Technologies IM: richs...@jabber.at Twitter: RichSalz _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
