+1

OpenSSL supports TLSv1.2 from v1.0.1, and our minimum requirement for it is v1.0.2 from v9.0.0. There are no problems.
- Masaori

On Wed, Jun 5, 2019 at 8:19 AM Patrick O'Brien <patrickobr...@tetrisblocks.net> wrote:

> +1
>
>
> On Tue, Jun 4, 2019 at 4:02 PM Sudheer Vinukonda <sudheervinuko...@yahoo.com> wrote:
>
>> +1
>>
>> We may need to also review the default settings for
>> {{proxy.config.ssl.server.cipher_suite}} to make sure it's up-to-date and
>> consistent with turning off TLSv1.1 and TLSv1.0?
>>
>> Thanks,
>>
>> Sudheer
>>
>> On Tuesday, June 4, 2019, 3:14:09 PM PDT, Leif Hedstrom <zw...@apache.org>
>> wrote:
>>
>>
>> Hi all,
>>
>> in the spirit of
>>
>> https://tools.ietf.org/html/draft-ietf-tls-oldversions-deprecate-04
>>
>>
>> I'd like to propose that we change the defaults for our settings, to turn
>> these two protocols off by default:
>>
>> proxy.config.ssl.TLSv1=0
>> proxy.config.ssl.TLSv1_1=0
>> proxy.config.ssl.client.TLSv1=0
>> proxy.config.ssl.client.TLSv1_1=0
>>
>>
>> The code / features will still be there, and can either be turned on
>> globally, or (better IMO) turned on per SNI in ssl_server_name.yaml /
>> sni.yaml.
>>
>> Any concerns / objections?
>>
>> — Leif
>>