Hi,

To let old browsers connect to a host, most hosts will support weak or broken ciphers for the foreseeable future.
A feature to pin the CIPHER SUITE would be desirable. It would allow a client to learn a set of 'strong' ciphers available on client and host side. Any downgrade attack to a weaker cipher would fail. This feature could be optional or mandatory to be configured on the host.

Please discuss. Opinions welcome.

regards,
ralf
_______________________________________________ websec mailing list websec@ietf.org https://www.ietf.org/mailman/listinfo/websec