Michael,

> On Apr 10, 2025, at 11:24 AM, Michael Richardson <mcr+i...@sandelman.ca> wrote:
> ...
> But, MUST do TLS 1.3 implies (to me), do *NOT* (refuse to) do TLS 1.2.
> The only way to allow (MAY) TLS 1.2, is for TLS 1.3 to be SHOULD.

You can say "MUST support TLS 1.3, MAY support TLS 1.2, and MUST NOT support TLS 1.1 or 1.0". The minimum is TLS 1.3. You might support TLS 1.2 for "legacy" usage that is probably still secure. And you don't use TLS 1.0 or 1.1 because they have known, serious security issues.

________________________
Michael Sweet