On Dec 2, 2020, at 11:00 AM, Ted Lemon <mel...@fugue.com> wrote: > The situation right now is that it’s been known for a long time that RC4 and > MD5 are not safe to use. Your vendors have known about this for a long time. > If they do not have a roll-out plan for software that corrects the problem, > you have chosen the wrong vendors. Look at your agreements with them. Are > they honoring them? If not, you have recourse. If you didn’t contract with > them to anticipate change, it’s time to go fix that.
Sorry, I was talking about the wrong document. But the point is the same. If you are using TLS 1.0 or TLS 1.1, your vendors should long since have offered you an upgrade path. If they haven’t, you chose the wrong vendors. Get to work on fixing that now, rather than complaining to us. A failure to plan on your part does not constitute an emergency on our part.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
