Hi Rene, > I have noticed quite the contrary. TLS v1.0 and TLS v1.1 is still in use, > even TLS v1.2 - many years after the standards were being published. > Adoption is very slow. I am sure that TLS v1.3 implementation will take a > couple of years. > This being said, yes, the best practices and recommendations change, but > not as often as people buy new clients. The ACH guide is still valid for > most configurations.
That’s the problem. There are some driving forces like Google[1], Github[2] or Cloudflare[3] which usually are light-years ahead of the majority of other companies. Generally it’s very safe to say that what these companies do, can be considered as current best practice. Just to give a few examples.. [1] https://tools.ietf.org/html/rfc7905 [2] https://githubengineering.com/crypto-removal-notice/ <https://githubengineering.com/crypto-removal-notice/> [3] https://blog.cloudflare.com/introducing-tls-1-3/ <https://blog.cloudflare.com/introducing-tls-1-3/> Cheers Dominic
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ Ach mailing list [email protected] https://lists.cert.at/cgi-bin/mailman/listinfo/ach
