Re: [TLS] prohibit <1.2 support on 1.3+ servers (but allow clients)

Kurt Roeckx <kurt@roeckx.be> Thu, 21 May 2015 21:03 UTC

On Thu, May 21, 2015 at 12:10:42PM -0400, Dave Garrett wrote:
> 
> The reasoning here is that major server updates are unfortunately uncommon, but client updates are routine.

So everybody can already disable TLS 1.0 and 1.1 now, right?  All
clients have already been updated.


Kurt