On Sun, Apr 15, 2018 at 12:15:55PM -0400, Viktor Dukhovni wrote:
> That said, I'm puzzled by the notion of "A certificate that is incompatible
> with TLS1.3".  A certificate is a certificate, and introducing TLS 1.3 does
> not in any change the validity of the certificate, TLS 1.3 did not rewrite
> RFC5280.  So if there's a certificate we're disallowing with TLS 1.3, that's

IIUC a fixed DH certificate is incompatible with TLS 1.3 but can be
TLS 1.2-compatible.

openssl-project mailing list

Reply via email to