On Sun, Apr 15, 2018 at 12:15:55PM -0400, Viktor Dukhovni wrote: > > > That said, I'm puzzled by the notion of "A certificate that is incompatible > with TLS1.3". A certificate is a certificate, and introducing TLS 1.3 does > not in any change the validity of the certificate, TLS 1.3 did not rewrite > RFC5280. So if there's a certificate we're disallowing with TLS 1.3, that's
IIUC a fixed DH certificate is incompatible with TLS 1.3 but can be TLS 1.2-compatible. -Ben _______________________________________________ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project
