Re: [TLS] No cypher overlap

Florian Weimer <fw@deneb.enyo.de> Sat, 01 August 2015 21:16 UTC

From: Florian Weimer <fw@deneb.enyo.de>
To: Hubert Kario <hkario@redhat.com>
References: <8087760.Ce9A43SzlW@pintsize.usersys.redhat.com> <20150728160154.GU4347@mournblade.imrryr.org> <2289724.pXJjcWpFTc@pintsize.usersys.redhat.com>
Date: Sat, 01 Aug 2015 23:16:42 +0200
In-Reply-To: <2289724.pXJjcWpFTc@pintsize.usersys.redhat.com> (Hubert Kario's message of "Wed, 29 Jul 2015 11:59:41 +0200")
Message-ID: <871tfm1zgl.fsf@mid.deneb.enyo.de>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/IwoG5FG4A18weYjZo4dqxE7rSQs>
Cc: tls@ietf.org

* Hubert Kario:

> On Tuesday 28 July 2015 16:01:55 Viktor Dukhovni wrote:
>> In that case, it should be said that a client MUST NOT advertise
>> TLS 1.3 unless it offers at least one of the TLS 1.3 MTI ciphers
>> (or perhaps less restrictive at least one TLS 1.3 compatible cipher).
>
> MTI does not mean Mandatory To Enable

Are you sure?  That's extremely surprising.

Of course, people are free to run the servers in odd configurations,
but my understanding is that's not TLS anymore.