On Tue, Jun 19, 2018 at 3:18 PM, Tim Rühsen <tim.rueh...@gmx.de> wrote:
> On 06/19/2018 12:44 PM, Loganaden Velvindron wrote:
>> Hi All,
>>
>> As per:
>> https://tools.ietf.org/html/draft-moriarty-tls-oldversions-diediedie-00
>>
>> Attached is a tentative patch to disable TLS 1.0 and TLS 1.1 by
>> default. No doubt that this will cause some discussions, I'm open to
>> hearing all opinions on this.
>>
>
> Good idea for the public internet.
>
> IMO there are too many 'internal' devices / hardware that are not
> up-to-date and impossible to update.
>
> What about amending the patch so that we apply it only to public IP
> addresses?

This sounds reasonable.

>
> And even then - we should not just 'fail' on older servers but tell the
> user why wget fails and what to do about it. In the end, the user is
> responsible and in control.

Yes, giving some info to the user would be good too. I will update the patch.

>
> Regards, Tim