On Sat, 6 Oct 2018 at 13:03, Dirkjan Bussink <[email protected]> wrote: > > Hi Emeric, > > > On 24 Sep 2018, at 15:33, Emeric Brun <[email protected]> wrote: > > > > Seems good for me except for documentation: > > > > Could you precise in the old "ciphers" description that this applies only > > for TLSv <= 1.2. (and add a ref to the new keyword for TLSv1.3) > > I have updated the documentation. Hopefully this is good then. Would it be > possible to also backport this to 1.8 so that we could deploy a future 1.8 > stable version with OpenSSL 1.1.1 in the future?
There is one space too much in the beginning of the penultimate line in the doc of "ssl-default-server-ciphersuites" (--> <--TLSv1.2 and earlier, please check). I agree we should backport this to 1.8. As far as I can see, this change is as safe as it could be (as everything is #ifdef'ed and exludes boringssl and libressl), and frankly we are gonna need this in 1.8. To'ing Willy. Thanks for this, Lukas
