NTS dropping TLS 1.2

Eric S. Raymond esr at thyrsus.com
Mon Mar 23 10:43:16 UTC 2020


Hal Murray <hmurray at megapathdsl.net>:
> We can do several things:
>   1) clean out the ifdefs that make things work with older versions of OpenSSL.
>     That is drop support for systems that haven't upgraded their OpenSSL to a 
> supported version.
>   2) leave things alone, ignore the RFC.
>     Or maybe add some nasty warning messages
>     How long?
>   3) make a configure option to disable NTS so that NTPsec builds on older 
> OSes but doesn't support NTS.
> 
> I propose option 1.  Simple and clean.  I don't think we will drop many 
> systems.

I concur.
-- 
		<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>




More information about the devel mailing list