NTS client configuration support has landed
Richard Laager
rlaager at wiktel.com
Sun Feb 3 00:03:58 UTC 2019
On 2/2/19 4:10 PM, Eric S. Raymond via devel wrote:
> Gary E. Miller via devel <devel at ntpsec.org>:
>> As previously discussed her. A min options was tried by others in the
>> past, and failed. When SSL 2 gave way to TLS 1, the min broke.
>
> Well, of *course* any minssl option stopped being useful when there was a major
> interoperability break! That's an out-of-context change. It could not have
> been otherwise.
To be fair, the previous standard approach of taking a list of versions
did work across this change. While we're at the end of it, it's only
been very recently (like the last year) where turning off SSLv3 became a
hard requirement in certain standards.
To be clear, I agree that a minimum version is fine moving forward. But
so is a list of versions, too. Pick one and call it a day.
--
Richard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190202/c50a964e/attachment.bin>
More information about the devel
mailing list