Implementing NTS options
Richard Laager
rlaager at wiktel.com
Sun Feb 3 00:01:27 UTC 2019
On 2/2/19 4:01 PM, Gary E. Miller via devel wrote:
> Very common in the Apache, nginc, postfix and sendmail communities.
>
> For example. you set one virtual server for cell phone clients, using
> less strong ciphers, and another for admin clients with the strongest
> ciphers. So the cell phones are fast, and the admin is safe.
+1. I do stuff like this in the real world.
At $WORK, our publicly facing website has nothing confidential on it and
is used by ISP customers who sometimes run truly ancient PCs. (This may
be worse than average because we're in a lower-income rural area.)
I am subject to PCI DSS auditing on various servers, so they require TLS
1.2. But on the public website, I allow something older (TLS 1.0 still,
I think).
--
Richard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190202/06285fab/attachment.bin>
More information about the devel
mailing list