On Tue, Jan 12, 2016 at 12:27 PM Peter Bowen <pzbo...@gmail.com> wrote:
> The gaps seem to be: > - No TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 cipher suite allocated > (BoringSSL has an implementation using cipher suite 0xca,0xfe) > 0xca,0xfe has since been removed as nothing was using it. I'm not aware of anything that ever shipped with it enabled. https://boringssl.googlesource.com/boringssl/+/1feb42a2fbbd8c1a1ed945edb5836d69f7241cda David > - DH parameters -- the alternative would be using FFDH named groups > (draft-ietf-tls-negotiated-ff-dhe-10), right? > > This would only leave "Get rid of the IPsec cargo-cult MAC truncation", > right? > > Thanks, > Peter > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls