Perhaps this would be a good time to put in a plug for additional funding for openssl et al...
On Mar 14, 2018 14:53, "Russ Housley" <hous...@vigilsec.com> wrote: > > > On Mar 14, 2018, at 8:39 AM, Hubert Kario <hka...@redhat.com> wrote: > > > > On Tuesday, 13 March 2018 23:16:47 CET Russ Housley wrote: > >> Ted: > >>> There's an easy way to do this, although as a sometime bank security > geek > >>> I would strongly advise you to not do it: keep using TLS 1.2. > >> This is a bogus argument. First, staying with an old protocol version > often > >> leads to locking in unmaintained versions of old software. > > > > this is simply not true, the newest versions of OpenSSL, NSS, GnuTLS and > > schannel allow you to disable TLS 1.2 and TLS 1.1 protocol support to > > effectively only support TLS 1.0! > > After TLS 1.3 is approved, I have heard a desire from software maintainers > to drop support for some of the older versions over time. Support for SSL > 3.0 has been dropped in some cases, and for good reasons. > > Russ > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
