Against certain proposed TLS client-side options

Eric S. Raymond esr at thyrsus.com
Sat Feb 2 11:16:45 UTC 2019


NEVER CONFIGURE WHAT YOU CAN DISCOVER

These are from nts.adoc:

     *tls1.2* Allow TLS1.2 connection.

     *tls1.3* Allow TLS1.3 connection.

We don't need these because in this 'graph

     Implementations MUST NOT negotiate TLS versions earlier than 1.2,
     SHOULD negotiate TLS 1.3 [RFC8446] or later when possible, and MAY
     refuse to negotiate any TLS version which has been superseded by a
     later supported version.

the last normative is a MAY, not a MUST.  Thus, you never need to do
anything but allow some connection at 1.2 or up even once 1.2 is
superseded. Correct[racticr is to use the highest version you have.

We also don't need these.

     *tls1.2ciphers [list]*  List of TLS 1.2 ciphers to negotiate, in prefered
     order.  The list is one or more cipher names, separated by colons.

     *tls1.3ciphers [list]*  List of TLS 1.3 ciphers to negotiate, in prefered
     order.  TLS 1.2 and 1.3 ciphers are different and must be specified
     separately as OpenSSL needs them separately.

     *ntpciphers [list]* List of ciphers to negotiate, in prefered order for
     the NTPD connection.  The server must support AEAD_AES_SIV_CMAC_256.

The correct, conformant policy is to negitiate your best possible TLS
version, then ask your TLS implementation what its list of ciphers
for that level is, then ship that.

NEVER CONFIGURE WHAT YOU CAN DISCOVER

Open for comment and rebuttal.
-- 
		<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>

Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is
a well-armed lamb contesting the vote!
	-- Benjamin Franklin


More information about the devel mailing list