Hi Victor,

We've never supported DHE, and are skipping it to ECDHE as DHE is considered by our security scans to be too insecure (as our LB's implementation is capped at 1024 bit ephemerals)

________________________________
From: Viktor Dukhovni <ietf-d...@dukhovni.org>
Sent: Tuesday, June 19, 2018 1:07 PM
To: Ben Personick
Cc: TLS WG
Subject: Re: [TLS] Mail regarding draft-ietf-tls-tls13

> On Jun 19, 2018, at 11:17 AM, Ben Personick <ben.person...@iongroup.com> wrote:
>
> Yes, I meant ECDHE_ECDSA and ECDHE_RSA are both supported in TLS 1.3, I’d
> been led to believe that all RSA based ciphers were not supported.
>
> Having seen some further responses, it appears it is only the NON ECDHE RSA
> based ciphers which are having support dropped in TLS 1.3

I may have been too cryptic. When I wrote (EC)DHE I meant both DHE and ECDHE. However, some (early) implementations may only support ECDHE with TLS 1.3. IIRC, OpenSSL 1.1.1 does not yet support the TLS 1.3 DHE groups. So interoperability if you only support DHE may be problematic.

--
Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls