On Fri, Dec 15, 2017 at 07:33:44PM +0000, Tim Hollebeek wrote:
>
> However, servers are easier to upgrade than clients, which is why you see
> some of the server side support you mention. I know CloudFlare in
> particular helped a lot of people cope with communicating with clients who
> had different certificate capabilities. It isn't a bad thing that both
> approaches exist.

Also, it should be noted that the past two migrations needed to be
compatible with TLS 1.0 and 1.1, which have much less advanced signature
negotiation than TLS 1.2 (and 1.3).

However, there is an enormous amount of very badly configured servers
out there, so it is doubtful how quickly things change.

-Ilari