On 2024/08/06 17:12, Marco Moock wrote:
> On Tue, 6 Aug 2024 05:02:14 -0400,
> Neil Horman <nhor...@openssl.org> wrote:
>
> > 1) Are distributions/users comfortable with this approach in the time
> > frame proposed?
>
> As a user, this is acceptable for me, but I know there are still
> machines outside that only offer such old versions.
> Some of them can't be upgraded easily because the vendor doesn't
> provide any new versions.

BTW, mainstream web browsers disabled pre-1.2 TLS by default around 2020.

> > 3) If the deprecated protocols are re-enabled, what would constitute a
> > reasonable warning mechanism to inform users that these protocols are
> > going away at some point in the future to pressure users to update to
> > a newer, more secure protocol?
>
> Is it reasonable to output that on STDERR any time those protocols are
> used?

From a library?!