On 06/19/2018 12:44 PM, Loganaden Velvindron wrote: > Hi All, > > As per: > https://tools.ietf.org/html/draft-moriarty-tls-oldversions-diediedie-00 > > Attached is a tentative patch to disable TLS 1.0 and TLS 1.1 by > default. No doubt that this will cause some discussions, I'm open to > hearing all opinions on this. >
Good idea for the public internet. IMO there are too many 'internal' devices / hardware that are not up-to-date and impossible to update. What about amending the patch so that we apply it only to public IP addresses ? And even then - we should not just 'fail' on older servers but tell the user why wget fails and what to do about it. In the end, the user is responsible and in control. Regards, Tim
signature.asc
Description: OpenPGP digital signature
