> On 10 Oct 2018, at 21:04, Jim Jagielski <[email protected]> wrote:
>
>>
>> Does the TLSv1.3 support need to be production ready?
>>
>> TLSv1.3 is presumably an opt-in feature and as long as it doesn’t endanger
>> existing behaviours, I would have assumed it’s relatively safe to release
>> with caveats in the docs.
>> Of course, once there’s more take-up of TLSv1.3, then the test suite needs
>> to be useful. Getting real-world feedback about something completely new
>> that doesn’t endanger existing behaviours outside of TLSv1.3 is probably
>> worthwhile.
>
> The issue is that such a major feature enhancement touches a lot of code.
> That can cause regressions.
>
> Sometimes, some people try to reduce and restrict development and new
> features using that as an argument. I, and numerous others, have consistently
> disagreed with that as a convincing argument against adding stuff to 2.4.x.
> In this particular situation, the "usual suspect(s)" were actually very
> gung-ho on release, despite this being the exact kind of situation they would
> normally balk against. I was noting the discrepancy and wondering the
> reasoning…
Fair enough, I hadn’t checked to see how invasive the change was. I had assumed
a lot of "#ifdef TLSV13” protecting current behaviours.
- Mark
