On Fri, Aug 19, 2016 at 01:03:22PM +0000, Peter Gutmann wrote:
> Ilari Liusvaara <ilariliusva...@welho.com> writes:
>
> >AFAIK, that failure can only happen if at least one of:
>
> [...]
>
> New groups are introduced but the server or client only support the old ones.
> So the server does ffdhe2048, the client does ffdhe2048', both are quite happy
> to do DHE-2048 but as a result of complying with 7919 they're forced to use
> RSA.

Oh, and if you think this is bad, wait until you get to TLS 1.3, where you
don't get fallback to RSA or some random DH group, you get almost certain
connection failure. :->

-Ilari
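
An added illustration of the outcome discussed in this message (not part of the original e-mail, and not code from any TLS stack): a simplified model of RFC 7919 server-side selection in TLS 1.2 next to group matching in TLS 1.3. The codepoint standing in for the hypothetical ffdhe2048' group and all function names are assumptions made for the example.

```python
# Added illustration: a simplified model, not code from any TLS implementation.
FFDHE2048 = 0x0100        # RFC 7919 codepoint for ffdhe2048
FFDHE2048_ALT = 0x01FC    # constructed stand-in for the hypothetical "ffdhe2048'"
DHE = "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"
RSA = "TLS_RSA_WITH_AES_128_GCM_SHA256"

def is_ffdhe(group):
    """RFC 7919 treats every codepoint 256..511 as FFDHE, known or not."""
    return 0x0100 <= group <= 0x01FF

def tls12_select(client_groups, client_suites, server_groups, server_suites):
    """RFC 7919 server logic (TLS <= 1.2): returns (suite, group) or an alert."""
    offered = [g for g in client_groups if is_ffdhe(g)]
    common = [g for g in offered if g in server_groups]
    for suite in server_suites:                 # server preference order
        if suite not in client_suites:
            continue
        if not suite.startswith("TLS_DHE_"):
            return (suite, None)                # e.g. static RSA key exchange
        if common:
            return (suite, common[0])           # negotiated named group
        if not offered:
            return (suite, "server-chosen")     # pre-7919 behaviour: arbitrary group
        # Client offered FFDHE groups, none shared: MUST NOT pick a DHE suite.
    return ("alert", "insufficient_security")

def tls13_select(client_groups, server_groups):
    """TLS 1.3 (RFC 8446), ignoring key_share/HelloRetryRequest and PSK-only modes:
    no RSA key transport and no server-chosen group, so no overlap is fatal."""
    common = [g for g in client_groups if g in server_groups]
    return ("ok", common[0]) if common else ("alert", "handshake_failure")

if __name__ == "__main__":
    print(tls12_select([FFDHE2048_ALT], [DHE, RSA], [FFDHE2048], [DHE, RSA]))
    print(tls13_select([FFDHE2048_ALT], [FFDHE2048]))
```

With mismatched groups the TLS 1.2 model silently lands on the static RSA suite, while the TLS 1.3 model ends in an alert.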