Gary E. Miller via devel writes: >> >*tls1.3ciphers [list]* List of TLS 1.3 ciphers to negotiate, in >> >prefered order. TLS 1.2 and 1.3 ciphers are different and must be >> >specified separately as OpenSSL needs them separately. >> >> Again. The barrier to entry for these is higher because they >> would need a non-trivial grammar modification. Tell me a real use >> case; explain why we should pay the complexity cost before we get >> an RFE from a real user. > > Real use case? Because they are required by multiple RFCs. We > are supposed to be implementing the RFCs. Right?
Changing the OpenSSL ciphersuites is typically done on system-level, application-level is not unheard of, but I haven't personally seen a per-server configuration. >> >*ntpciphers [list]* List of ciphers to negotiate, in prefered order >> >for the NTPD connection. The server must support >> >AEAD_AES_SIV_CMAC_256. >> >> And again. OK name this time, but still looks like gingerbread and >> chrome to me. > > As required in the Proposed RFC. The RFC says the client needs to tell the NTS-KE all supported ciphers. It doesn't say it must support different ciphers for different servers. Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ Waldorf MIDI Implementation & additional documentation: http://Synth.Stromeko.net/Downloads.html#WaldorfDocs _______________________________________________ devel mailing list [email protected] http://lists.ntpsec.org/mailman/listinfo/devel
