On Fri, 2017-03-03 at 15:32 -0800, Bradford Wetmore wrote:
> An interpretation question for our older RFCs, in particular TLSv1
> [RFC2246] and TLSv1.1 [RFC4346] in the context of recent
> developments
> [SWEET32].
>
> In particular, likely for minimal interoperability reasons, specific
>
Hi, Brad
What Martin said. Additionally, I work for a vendor that has to really “lawyer
up” sometimes.
So if RFC 2246 says “MUST implement X” and your code doesn’t implement X, just
don’t claim compliance with RFC 2246. You can still have TLS 1.0 code for BC.
In general, people looking for
If you want to lawyer up on this, I think that the official
interpretation is that those RFCs were obsoleted by RFC 5246 and so if
you support 5246, you can do what it says and not what the older specs
say. I don't think that anyone will fault you if you decide to burn
all traces of DES from your
An interpretation question for our older RFCs, in particular TLSv1
[RFC2246] and TLSv1.1 [RFC4346] in the context of recent developments
[SWEET32].
In particular, likely for minimal interoperability reasons, specific
3DES-based ciphersuites must be implemented in TLS:
TLS 1.0
In the