Ted:

> There's an easy way to do this, although as a sometime bank security geek I 
> would strongly advise you to not do it: keep using TLS 1.2.

This is a bogus argument.  First, staying with an old protocol version often 
leads to locking in unmaintained versions of old software.  Second, using 
TLS1.2 does not technically address the issue.  If the client were to 
exclusively offer DHE-based ciphersuites, then the visibility techniques that 
have been used in the past are thwarted.

Russ

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

Reply via email to