Re: [netconf] draft-ietf-netconf-tls-client-server-34 tls-version
Kent Watsen <kent+ietf@watsen.net> Sat, 02 March 2024 03:57 UTC
Cc: "netconf@ietf.org" <netconf@ietf.org>
To: Michal Vasko <mvasko@cesnet.cz>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/dg1Jdls--SU7CfT-7XwSrWFAbHw>

Hi Michal,

> On Mar 1, 2024, at 2:11 AM, Michal Vasko <mvasko@cesnet.cz> wrote:
>
> Hi Kent,
>
> yeah, I was not sure whether you have seen it but had enough other work and then forgotten about it.

Distracted by life ;)

> As stated in the email, being able to set both min and max supported version makes sense to me (and is supported by OpenSSL), not so much customizing the priority of each TLS version, so that is my proposal. Thanks.

Okay, so I just did this:

    container tls-versions {
      description
        "Parameters regarding TLS versions.";
      leaf min {
        type identityref {
          base tls-version-base;
        }
        description
          "If not specified, then there is no configured
           minimum version.";
      }
      leaf max {
        type identityref {
          base tls-version-base;
        }
        description
          "If not specified, then there is no configured
           maximum version.";
      }
    }

All good?

> Regards,
> Michal

Thanks again,
Kent
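
An added example, not part of the message above or of the draft: one way an implementation could apply the `tls-versions` container to an OpenSSL-backed context (Python's `ssl` module), leaving an unspecified bound at the library default and rejecting an inverted range, which the two independent leafs do not rule out on their own. The identity names `tls12` and `tls13`, the dict encoding of the container, and the function names are assumptions for illustration.

```python
import ssl

# Assumed identity names derived from tls-version-base; the message above
# shows only the base identity, so these two names are illustrative.
VERSIONS = {
    "tls12": ssl.TLSVersion.TLSv1_2,
    "tls13": ssl.TLSVersion.TLSv1_3,
}


def _resolve(identity):
    """Map an identityref value (optionally 'module:name') to a TLSVersion."""
    if identity is None:
        return None
    name = identity.rpartition(":")[2]
    try:
        return VERSIONS[name]
    except KeyError:
        raise ValueError(f"unknown TLS version identity: {identity!r}") from None


def apply_tls_versions(ctx, tls_versions):
    """Apply a 'tls-versions' container (dict with optional min/max) to ctx.

    An absent leaf means "no configured bound", so the library default for
    that bound is left untouched rather than widened.
    """
    lo = _resolve(tls_versions.get("min"))
    hi = _resolve(tls_versions.get("max"))
    # The two leafs are independent in the schema shown, so an inverted
    # range has to be rejected here, before any setting is changed.
    if lo is not None and hi is not None and lo > hi:
        raise ValueError(f"min {lo.name} is newer than max {hi.name}")
    if hi is not None:
        ctx.maximum_version = hi
    if lo is not None:
        ctx.minimum_version = lo
    return ctx


def new_client_context(tls_versions):
    """Build a certificate-verifying client context with the bounds applied."""
    return apply_tls_versions(ssl.create_default_context(), tls_versions)
```
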