Re: [TLS] How are we planning to deprecate TLS 1.2?

Rob Sayre <sayrer@gmail.com> Fri, 03 March 2023 22:47 UTC

References: <CABiKAoTN-Y2317qZi6vwyOvhMwtTjtY9wROorNXEjEEegg-zfg@mail.gmail.com> <CABcZeBORp+jpXe6pU+7bhn7wXwRuzvCiyjdYMf_nWkwt7jhpDw@mail.gmail.com> <1EDA94E9-C783-4B72-8858-422BC40548DC@sn3rd.com>
In-Reply-To: <1EDA94E9-C783-4B72-8858-422BC40548DC@sn3rd.com>
From: Rob Sayre <sayrer@gmail.com>
Date: Fri, 03 Mar 2023 14:46:41 -0800
Message-ID: <CAChr6SxejgFv0d+CJoLxNWAq1FfjSBDnyFQ62c1bLB3Cqn8D_w@mail.gmail.com>
To: Sean Turner <sean@sn3rd.com>
Cc: Eric Rescorla <ekr@rtfm.com>, TLS List <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ApYddkEjQ__XWwJd0aBf-dEv05c>

On Fri, Mar 3, 2023 at 11:25 AM Sean Turner <sean@sn3rd.com> wrote:

> just want to point out that, at least in the IETF, RFC 9325 [1] was
> recently published.
>

Right. A salient sentence here: "Therefore, this document replaces
[RFC7525], with an explicit goal to encourage migration of most uses of TLS
1.2 to TLS 1.3."

Also, many TLS libraries have started to disentangle TLS 1.2 from TLS 1.3
code. The one I use most often is Rustls, and there's a build flag for this:
https://github.com/rustls/rustls/blob/25bc1b3ecd559ea70c6ae8a83533d430dd67db35/rustls/Cargo.toml#L24

I ship TLS 1.3-only all the time. I wouldn't do that for a really popular
website just yet, but it's usually fine.

thanks,
Rob
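The build-flag approach mentioned above, written out as an added example (this is not from Rob's message or from the rustls project itself). It assumes the Cargo feature that gates the TLS 1.2 code paths is named `tls12` and is part of rustls's default feature set, so a dependent crate removes TLS 1.2 at compile time by opting out of the default features; the version number is a placeholder for whatever release you are on.

```toml
# Cargo.toml of an application that depends on rustls.
# Example configuration, not the rustls project's own file.

# Default: the `tls12` feature is implied by `default`, so TLS 1.2 code
# is compiled in and a ServerConfig/ClientConfig may still negotiate it.
[dependencies.rustls-default-example]
package = "rustls"
version = "0.21"   # placeholder version (assumption)

# TLS 1.3-only build: drop the default feature set, then re-enable only
# what you need. Without `tls12` the 1.2 handshake code is never built,
# so a peer offering only TLS 1.2 fails the handshake rather than
# silently downgrading.
[dependencies.rustls]
version = "0.21"   # placeholder version (assumption)
default-features = false
features = ["logging"]   # `tls12` deliberately omitted (feature name is an assumption)
```

Only one of the two dependency tables would appear in a real manifest; they are shown side by side to contrast the default and the 1.3-only build. Dropping the feature is a compile-time guarantee, which is stronger than a runtime `with_protocol_versions` restriction: there is no configuration path left that can re-enable TLS 1.2. The trade-off is the one the message notes: a client that cannot do TLS 1.3 gets no connection at all, so check your own traffic for 1.2-only peers before shipping it for a widely used service.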