> TLS was designed to support multiple ciphersuites. Unfortunately this opened
> the door to downgrade attacks, and transitioning to protocol versions that
> wouldn't do this was nontrivial.
> The ciphersuites included all shared certain misfeatures, leading to the
> current situation.

On the other hand, negotiation let us deploy it in places where full-strength cryptography is/was regulated. Sometimes half a loaf is better than nothing.

	/r$

--
Principal Security Engineer
Akamai Technology
Cambridge, MA
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography