> > Does the TLSv1.3 support need to be production ready? > > TLSv1.3 is presumably an opt-in feature and as long as it doesn’t endanger > existing behaviours, I would have assumed it’s relatively safe to release > with caveats in the docs. > Of course, once there’s more take-up of TLSv1.3, then the test suite needs to > be useful. Getting real-world feedback about something completely new that > doesn’t endanger existing behaviours outside of TLSv1.3 is probably > worthwhile.
The issue is that such a major feature enhancement touches a lot of code. That can cause regressions. Sometimes, some people try to reduce and restrict development and new features using that as an argument. I, and numerous others, have consistently disagreed with that as a convincing argument against adding stuff to 2.4.x. In this particular situation, the "usual suspect(s)" were actually very gung-ho on release, despite this being the exact kind of situation they would normally balk against. I was noting the discrepancy and wondering the reasoning...