On Monday, 11 June 2018 23:52:55 CEST David Benjamin wrote:
> In both TLS 1.2 and TLS 1.3, SHA-256 isn't hardcoded per se. It's a
> function of the cipher suite you negotiate (and also, separately, the
> signature algorithm you negotiate). That said, in practice, both are pretty
> solidly dependent

Just to add to this excellent answer ... there is the signature on the
certificates used, which is independent of the cipher suite that you
negotiate but also commonly uses SHA256. Truly moving from SHA256 would
require CAs, Browsers, etc. to adopt something new there too.

On Mon, Jun 11, 2018 at
In both TLS 1.2 and TLS 1.3, SHA-256 isn't hardcoded per se. It's a
function of the cipher suite you negotiate (and also, separately, the
signature algorithm you negotiate). That said, in practice, both are pretty
solidly dependent on SHA-256. Most options involve it. AES-128-GCM and
ChaCha20-Poly1

Hi,
TLS 1.2 uses sha256 as the PRF hash function. When sha256 is no longer
considered secure, I am wondering if we can reasonably envision
deprecating sha256 for TLS 1.2 or if TLS 1.2 will at that time be
deprecated in favor of TLS 1.X, X >= 3?
In other words, I am wondering how much we can assume