Against certain proposed TLS client-side options
Richard Laager
rlaager at wiktel.com
Sun Feb 3 03:16:57 UTC 2019
On 2/2/19 9:11 PM, Gary E. Miller via devel wrote:
>> tlsversions "1.2 1.3"
> Which would have broken when SSL became TLS, and will break when TLS
> becomes XXX.
Not really. Roll back the world to SSLv3 being the latest:
I would be proposing this:
sslversions "2 3"
Then the IETF changes the name to TLS and restarts the numbering. That's
trivial to address:
sslversions "2 3 tls1"
So if TLS gets renamed to XYZ, it just becomes:
tlsversions "1.2 1.3 xyz1"
and make
xyzversions an alias for tlsversions.
This is really small potatoes. If you want it to be like this, I don't care:
tlsversions "tls1.2 tls1.3"
But we're still putting tls in the option name, so is that a problem?
--
Richard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190202/e04716d3/attachment-0001.bin>
More information about the devel
mailing list