[Git][NTPsec/ntpsec][master] nts.adoc: remove proposed tls1.2 and 1.3 flags.
Eric S. Raymond
gitlab at mg.gitlab.com
Sat Feb 2 19:59:01 UTC 2019
Eric S. Raymond pushed to branch master at NTPsec / ntpsec
Commits:
c4432839 by Eric S. Raymond at 2019-02-02T19:58:41Z
nts.adoc: remove proposed tls1.2 and 1.3 flags.
- - - - -
1 changed file:
- devel/nts.adoc
Changes:
=====================================
devel/nts.adoc
=====================================
@@ -232,18 +232,23 @@ and intermediate certificate bundles without a full daemon restart.
== NTS Configuration parameters (client side) ==
-Options now implemented in the config parser are now described in
-docs/includes/assoc-options.txt
+*min-tls*:: This is not per-server but for all client sessions. Must
+be at least 1.2. Bumped at crypto emergencies.
+
+To avoid having to configure TLS versions you accept beyond this, he
+right (and conformant) thing is to do is honor a global min-tls
+option, then just use the most recent version at or above it your TLS
+library and the remote both support. If the remote can't cope, you
+abort.
+
+Per-server options now implemented in the config parser are now
+described in docs/includes/assoc-options.txt
*cert [file]* Present the certificate in *file* as our client certificate
*ca [location]* Use the file, or directory, specified by *location* to
validate the NTS-KE server certificate. Do not use any other CA.
-*tls1.2* Allow TLS1.2 connection.
-
-*tls1.3* Allow TLS1.3 connection.
-
*tls1.2ciphers [list]* List of TLS 1.2 ciphers to negotiate, in prefered
order. The list is one or more cipher names, separated by colons.
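Review bot: The added paragraph beginning "To avoid having to configure TLS versions" has two typos in "he right (and conformant) thing is to do is honor": it should read "the right (and conformant) thing to do is honor". The new *min-tls* entry is also inconsistent with its neighbours. It uses the `::` definition-list form and shows no argument placeholder, while the entries below it are written as `*cert [file]*` and `*ca [location]*`. Suggest giving it the same shape and stating the accepted value format and the default, since the text only says "Must be at least 1.2". Finally, the reworded sentence "Per-server options now implemented in the config parser are now described in docs/includes/assoc-options.txt" sits directly above the cert, ca and tls1.2ciphers entries, so it is unclear whether those entries are the implemented per-server options or remaining proposals. A sentence saying which would remove the ambiguity.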
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/c4432839edef617b8b5b221e1418d3fba19b72b4