* Tim Rühsen <[email protected]> [180619 13:18]: > On 06/19/2018 12:44 PM, Loganaden Velvindron wrote: > > Hi All, > > > > As per: > > https://tools.ietf.org/html/draft-moriarty-tls-oldversions-diediedie-00 > > > > Attached is a tentative patch to disable TLS 1.0 and TLS 1.1 by > > default. No doubt that this will cause some discussions, I'm open to > > hearing all opinions on this. > > > > Good idea for the public internet. > > IMO there are too many 'internal' devices / hardware that are not > up-to-date and impossible to update. > > What about amending the patch so that we apply it only to public IP > addresses ? > I like this idea. Also, the user should retain their freedom to connect to an insecure server as well. We should have a switch that will allow falling back to TLS 1.0 and 1.1.
> And even then - we should not just 'fail' on older servers but tell the > user why wget fails and what to do about it. In the end, the user is > responsible and in control. > > Regards, Tim > -- Thanking You, Darshit Shah PGP Fingerprint: 7845 120B 07CB D8D6 ECE5 FF2B 2A17 43ED A91A 35B6
signature.asc
Description: PGP signature
