Re: [TLS] prohibit <1.2 support on 1.3+ servers (but allow clients)
Tony Arcieri <bascule@gmail.com> Fri, 22 May 2015 02:56 UTC
Return-Path: <bascule@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id B402E1A8F51
for <tls@ietfa.amsl.com>; Thu, 21 May 2015 19:56:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001,
SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id lTfJ6tEBtxAQ for <tls@ietfa.amsl.com>;
Thu, 21 May 2015 19:56:44 -0700 (PDT)
Received: from mail-ob0-x22e.google.com (mail-ob0-x22e.google.com
[IPv6:2607:f8b0:4003:c01::22e])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 0D5011A8F43
for <tls@ietf.org>; Thu, 21 May 2015 19:56:44 -0700 (PDT)
Received: by obcus9 with SMTP id us9so4263189obc.2
for <tls@ietf.org>; Thu, 21 May 2015 19:56:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
h=mime-version:in-reply-to:references:from:date:message-id:subject:to
:cc:content-type;
bh=14QzR9K3Hk99Ch7nqm9+3ooqxtikwQp3b2xklpmNS04=;
b=CAmzlZOqWzfNARWEc+8FG7Fa69azK2Ii5vgRHfzxfwbgCUPg9MXP/Vb61gDlc5cKTG
hrONUDWZfl73nBjY2e3+udpu64UMpMiMUx4OEZRDzs27Ox0sikKy2pd4g2Q0e4aMEcJN
gG0Bssb3QPaU+1Mcnbcshaa9n3As9RR6WUjqcqx95xjH+mI+Ssfbk+Wjr2i3kxfyMUrg
WKEACj83S8OIxkWxOlJc3AEVpvtCz0m2/e3rL1tOXia0aYOLvJRFhBrSKMk64XVbfD/D
J810OCKGc9LRbUSc4DZnaKgqgWUbK/K2FIWZinsEf5WBZtw/+abS3mzzvjjqfv6LCCvo
Nqyw==
X-Received: by 10.60.144.201 with SMTP id so9mr4855995oeb.3.1432263403486;
Thu, 21 May 2015 19:56:43 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.76.25.198 with HTTP; Thu, 21 May 2015 19:56:22 -0700 (PDT)
In-Reply-To: <20150522025214.GA21141@typhoon.azet.org>
References: <201505211210.43060.davemgarrett@gmail.com>
<CABkgnnW-3ccJqM634dtjgqLGbc11Z2LgFFxpC2EjF-8dKk4o2A@mail.gmail.com>
<20150522025214.GA21141@typhoon.azet.org>
From: Tony Arcieri <bascule@gmail.com>
Date: Thu, 21 May 2015 19:56:22 -0700
Message-ID: <CAHOTMVJ1i+h3x8UShLhku5VcFiB4RRrUmPZL6cz7LnHMeHzAFA@mail.gmail.com>
To: Aaron Zauner <azet@azet.org>
Content-Type: multipart/alternative; boundary=047d7b3a970863c6340516a2cf2d
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/Po_J_s6yz1oXYY-hwObcQRJCuIw>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] prohibit <1.2 support on 1.3+ servers (but allow clients)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working
group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>,
<mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>,
<mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 May 2015 02:56:45 -0000
On Thu, May 21, 2015 at 7:52 PM, Aaron Zauner <azet@azet.org> wrote: > So how about that TLSv1-diediedie document? :) I am very much +1 for more diediedie documents ;) -- Tony Arcieri
- [TLS] prohibit <1.2 support on 1.3+ servers (but … Dave Garrett
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Loganaden Velvindron
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Yoav Nir
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Thijs van Dijk
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Jeffrey Walton
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Dave Garrett
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Kurt Roeckx
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Dave Garrett
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Yuhong Bao
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Yoav Nir
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Dave Garrett
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Yoav Nir
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Watson Ladd
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Yoav Nir
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Dave Garrett
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Yoav Nir
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Dave Garrett
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Martin Rex
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Martin Thomson
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Dave Garrett
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Dave Garrett
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Aaron Zauner
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Tony Arcieri
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Dave Garrett
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Martin Thomson
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Dave Garrett
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Aaron Zauner
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Martin Thomson
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Tony Arcieri
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Dave Garrett
- Re: [TLS] prohibit <1.2 on clients (but allow ser… Xiaoyin Liu
- Re: [TLS] prohibit <1.2 on clients (but allow ser… Dave Garrett
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Martin Rex
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Hubert Kario
- Re: [TLS] prohibit <1.2 on clients (but allow ser… Peter Gutmann
- Re: [TLS] prohibit <1.2 on clients (but allow ser… Xiaoyin Liu
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Salz, Rich
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Salz, Rich
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Ronald del Rosario
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Dave Garrett
- Re: [TLS] prohibit <1.2 on clients (but allow ser… Dave Garrett
- Re: [TLS] prohibit <1.2 on clients (but allow ser… Geoffrey Keating
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Tony Arcieri
- Re: [TLS] prohibit <1.2 on clients (but allow ser… Jeffrey Walton
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Bill Frantz
- Re: [TLS] prohibit <1.2 on clients (but allow ser… Peter Gutmann
- Re: [TLS] prohibit <1.2 on clients (but allow ser… Geoff Keating
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Jeffrey Walton
- Re: [TLS] prohibit <1.2 support on 1.3+ servers (… Florian Weimer
- Re: [TLS] prohibit <1.2 on clients (but allow ser… Yuhong Bao
- Re: [TLS] prohibit <1.2 on clients (but allow ser… Martin Thomson
- Re: [TLS] prohibit <1.2 on clients (but allow ser… Salz, Rich