Hi Rich, Yes, I meant ECDHE_ECDSA and ECDHE_RSA are both supported in TLS 1.3, I’d been lead to believe that all RSA based ciphers were not supported.
Having seem some further responses, it appears it is only the NON ECDHE RSA Based ciphers which are having support dropped in TLS 1.3 Ie all Non-Elliptic Curve Diffie Hellman ciphers ( eg AES-256 w/o DH, with DH or EDH/DHE, but not ECDHE_RSA) And yeah, it’s been my experience everywhere, but I was pretty pumped up to have a better reason to push to start implementing ECDHE_ECDSA Ciphers in addition to our existing Ciphers. Ben From: Salz, Rich [mailto:rs...@akamai.com] Sent: Tuesday, June 19, 2018 11:07 AM To: Ben Personick <ben.person...@iongroup.com>; TLS WG <tls@ietf.org> Subject: Re: [TLS] Mail regarding draft-ietf-tls-tls13 > Since TLS 1.3 will continue to allow ecdsa_rsa ciphers, there will be no > push to move towards offering them, because of various 'reasons'. I think you mean ECDH with RSA. But yes, that’s a common situation, few organizations pay to add security until they’re “forced” to do so. You’re not alone.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
