NTS client configuration support has landed

Gary E. Miller gem at rellim.com
Sat Feb 2 21:06:21 UTC 2019


Yo Eric!

On Sat, 2 Feb 2019 07:14:23 -0500
"Eric S. Raymond via devel" <devel at ntpsec.org> wrote:

> > We need to set up a mechanism to review the defaults occasionally.
> > Maybe with each release.  Maybe on Mark's birthday.  The idea is to
> > track progress in the crypto community.  If the default today is to
> > allow TLS 1.2, sometime we should bump the min up to 1.3.  Yes,
> > that means breaking backwards compatibility.  Lots of warning...  
> 
> I think it's easier than that.
> 
> We have a min option.

As previously discussed here, a min option was tried by others in the
past, and failed.  When SSL 2 gave way to TLS 1, the min broke.

Let's not repeat the obvious failures of the past.

> Otherwise we just link the default TLS library when we build. Let the
> normal upgrade cycle do the work.

Link?  A build time constraint?  Makes updating OpenSSL a PITA.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin