It seems that TLS 1.3 still uses SHA384, which has bad performance. But BLAKE3 is enough secure and is faster than MD5; for better performance with enough security level, why not use BLAKE3 for the latest TLS standard? Furthermore, NIST selected some post-quantum ciphers: https://nist.gov/pqcrypto
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
