On Aug 18, 2023, at 12:47 PM, Heikki Vatiainen <h...@radiatorsoftware.com> wrote:
> Should it be noted that this provisioning method is only available
> with TLS 1.2 and earlier because the method requires anonymous
> ciphersuites? It confirms to the reader that this is the intended
> case.

How about this:

Note that server unauthenticated provisioning can only use anonymous cipher suites in TLS 1.2 and earlier. These cipher suites have been deprecated in TLS 1.3 ({{RFC8446}} Section C.2). For TLS 1.3, the server MUST provide a certificate, and the peer performs server unauthenticated provisioning by not validating the certificate chain or any of its contents.

The last sentence is suggested by the RFC8446 Section C.2.

Alan DeKok.

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu