On Wed, Sep 06, 2023 at 12:53:39PM -0400, Chris Lonvick wrote: > Hi Viktor and all, > > I see your point. > > How about if the phrases "MUST NOT offer TLS_RSA_WITH_AES_128_CBC_SHA" in > Sections 4 and 5 be changed to "SHOULD NOT offer..."? > > This seems to be more consistent with Section 4.2.1 of RFC 9325 (BCP 195) > and will continue to allow devices to offer that algorithm --and allow log > messages to continue to be delivered during a transition.
How would having a MUST NOT break things? Servers are already required to ignore any unsupported or disabled ciphersuites. -Ilari _______________________________________________ Uta mailing list Uta@ietf.org https://www.ietf.org/mailman/listinfo/uta