Eric:
> I'm not seeing anything in that 'graph which would ever *require* you to
> disable down-version TLS. The last normative is a MAY, not a MUST.

It starts with:
> Implementations MUST NOT negotiate TLS versions earlier than 1.2,

so we have to do something.

Me:
>> I assume the default would be no for TLS 1.2 and yes for TLS 1.3
>> Should we be specifying min version rather than allowing various versions?

From several messages ago:

Since Gary was suspicious of 1.3, I poked a bit. 1.3 is not widely available yet. (Available enough to test.)

I think we should specify a min version of 1.2

Another item for the review occasionally list.

-- 
These are my opinions. I hate spam.