Against certain proposed TLS client-side options
Gary E. Miller
gem at rellim.com
Sun Feb 3 03:11:00 UTC 2019
Yo Richard!
On Sat, 2 Feb 2019 20:52:33 -0600
Richard Laager via devel <devel at ntpsec.org> wrote:
> On 2/2/19 7:25 PM, Richard Laager via devel wrote:
> > # Requiring a bounded set of audited TLS versions
> > # (the DOD STIG scenario, unverified as to actual requirement)
> > tlsmin 1.2 tlsmax 1.3
> > OR
> > tlsversions "1.3"
>
> This should be:
>
> tlsmin 1.2 tlsmax 1.3
> OR
> tlsversions "1.2 1.3"
Which would have broken when SSL became TLS, and will break when TLS
becomes XXX.
Remember the failures of the past. Do not repeat them.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin