On Thu, Apr 30, 2015 at 2:43 AM, [email protected] <[email protected]> wrote: > Here is the reference to NIST Special Publication SP 800-52 revision > 1: > http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r1.pdf > > Abstract: > "This Special Publication provides guidance to the selection > and configuration of TLS protocol implementations while making > effective use of Federal Information Processing Stand > ards (FIPS) and NIST- recommended cryptographic algorithms, > and requires that TLS 1.1 configured with FIPS- based cipher > suites as the minimum appropriate secure transport protocol > and recommends that agencies develop migration plans to TLS > 1.2 by January 1, 2015. This Special Publication also > identifies TLS extensions for which mandatory support must be > provided and other recommended extensions."
I'm still not convinced. The version of FIPS140-2 I have does not reference SP800-52. So the same argument applies. It should be FIPS documents referencing the TLS 1.0 removal requirement, not vice-versa. regards, Nikos _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
