Nikos Mavrogiannopoulos <n...@redhat.com> writes: >I liked the idea of an LTS profile for TLS 1.2, however I just realized that >RFC7540 [0] blacklists (with no rationale) 3 out of the 4 LTS ciphersuites >and I'm wondering how practically useful will be that profile.
I chose the two sets of algorithms that were secure and had the most widespread acceptance/support/popularity/whatever, in other words the ones where there was the biggest chance of developers being able to say "yeah, we do that already". >[0]. https://tools.ietf.org/html/rfc7540#appendix-A I think the reason why there's no rationale is because there's no rational explanation for lumping TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 in with the likes of TLS_RSA_EXPORT_WITH_RC4_40_MD5. Peter. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls