Michael, > On Apr 10, 2025, at 11:24 AM, Michael Richardson <[email protected]> > wrote: > ... > But, MUST do TLS 1.3 implies (to me), do *NOT* (refuse to) do TLS 1.2. > The only way to allow (MAY) TLS 1.2, is for TLS 1.3 to be SHOULD.
You can say "MUST support TLS 1.3, MAY support TLS 1.2, and MUST NOT support TLS 1.1 or 1.0". The minimum is TLS 1.3. You might support TLS 1.2 for "legacy" usage that is probably still secure. And you don't use TLS 1.0 or 1.1 because they have known, serious security issues. ________________________ Michael Sweet _______________________________________________ Anima mailing list -- [email protected] To unsubscribe send an email to [email protected]
