>> I think in all but special cases specifying just the minimum is fine. The >> only reason I can think of for specifying the max version is that you have >> regulatory/compliance issues to comply with.
> We ran into this in EMU with EAP-TLS. The EAP application derived > application-specific keys based on TLS key exporter constructs. Those > constructs changed with TLS 1.3, and all of the code which supported "TLS 1.2 > or higher" broke in weird ways. Wow, thanks for that. _______________________________________________ Uta mailing list Uta@ietf.org https://www.ietf.org/mailman/listinfo/uta
