>>*tls1.2* Allow TLS1.2 connection.
>>*tls1.3* Allow TLS1.3 connection.

> Second, why would you ever want one of these allow bits off? I want to hear
> a good story here not just to convince me that they're worth the complexity
> but so it can go in the documentation.

From the draft:

    Implementations MUST NOT negotiate TLS versions earlier than 1.2,
    SHOULD negotiate TLS 1.3 [RFC8446] or later when possible, and MAY
    refuse to negotiate any TLS version which has been superseded by a
    later supported version.

--------

I assume the default would be no for TLS 1.2 and yes for TLS 1.3

Should we be specifying min version rather than allowing various versions?

Do we need a way to test 1.2? Maybe we can wait until we find a box that doesn't support 1.3 yet.

----------

> Again. The barrier to entry for these is higher because they would need a
> non-trivial grammar modification

Does the grammar support quoted strings?

--
These are my opinions. I hate spam.
